3346 lines
No EOL
134 KiB
JSON
3346 lines
No EOL
134 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5950fd6b-2b68-42c6-9855-47cc950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-04T13:40:24.000Z",
|
|
"modified": "2017-07-04T13:40:24.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5950fd6b-2b68-42c6-9855-47cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-04T13:40:24.000Z",
|
|
"modified": "2017-07-04T13:40:24.000Z",
|
|
"name": "M2M - Emailing: ########.jpg zip|wsf",
|
|
"published": "2017-07-04T13:41:21Z",
|
|
"object_refs": [
|
|
"indicator--5950fd6c-22a0-4e69-bd33-48eb950d210f",
|
|
"indicator--5950fd6c-bae0-4a8a-a6f5-466b950d210f",
|
|
"indicator--5950fd6c-3bf4-4e21-a9b2-4997950d210f",
|
|
"indicator--5950fd6c-952c-49f6-98e2-498e950d210f",
|
|
"indicator--5950fd6d-e354-47aa-b450-8c2d950d210f",
|
|
"indicator--5950fd6d-b1b8-4c62-9ee3-4e09950d210f",
|
|
"observed-data--5950fd6d-ab0c-4626-a495-4343950d210f",
|
|
"network-traffic--5950fd6d-ab0c-4626-a495-4343950d210f",
|
|
"ipv4-addr--5950fd6d-ab0c-4626-a495-4343950d210f",
|
|
"indicator--5950fd6d-1230-42ac-abbc-837b950d210f",
|
|
"indicator--5950fd6d-66fc-43cf-aaba-4ba1950d210f",
|
|
"observed-data--5950fd6d-26c8-4708-9693-4d91950d210f",
|
|
"network-traffic--5950fd6d-26c8-4708-9693-4d91950d210f",
|
|
"ipv4-addr--5950fd6d-26c8-4708-9693-4d91950d210f",
|
|
"indicator--5950fd6e-7dd4-4d83-9abd-4597950d210f",
|
|
"indicator--5950fd6e-6d6c-4042-8934-8380950d210f",
|
|
"observed-data--5950fd6e-8300-4e79-af37-4e41950d210f",
|
|
"network-traffic--5950fd6e-8300-4e79-af37-4e41950d210f",
|
|
"ipv4-addr--5950fd6e-8300-4e79-af37-4e41950d210f",
|
|
"indicator--5950fd6e-25bc-46f4-b7fe-da14950d210f",
|
|
"indicator--5950fd6e-7b10-4fc5-b2c6-43d8950d210f",
|
|
"observed-data--5950fd6f-100c-46b1-a61b-4376950d210f",
|
|
"network-traffic--5950fd6f-100c-46b1-a61b-4376950d210f",
|
|
"ipv4-addr--5950fd6f-100c-46b1-a61b-4376950d210f",
|
|
"indicator--5950fd6f-e7b4-44e3-8d67-8c36950d210f",
|
|
"indicator--5950fd6f-d894-4534-81fb-44e9950d210f",
|
|
"observed-data--5950fd74-9b04-4c8a-9c97-4d5a950d210f",
|
|
"network-traffic--5950fd74-9b04-4c8a-9c97-4d5a950d210f",
|
|
"ipv4-addr--5950fd74-9b04-4c8a-9c97-4d5a950d210f",
|
|
"observed-data--5950fd74-2208-4df9-9609-4f6e950d210f",
|
|
"network-traffic--5950fd74-2208-4df9-9609-4f6e950d210f",
|
|
"ipv4-addr--5950fd74-2208-4df9-9609-4f6e950d210f",
|
|
"indicator--5950fd74-e6fc-4e1d-b781-4616950d210f",
|
|
"indicator--5950fd75-e08c-46c4-b04c-4f20950d210f",
|
|
"observed-data--5950fd75-962c-42bb-bee7-d5c6950d210f",
|
|
"network-traffic--5950fd75-962c-42bb-bee7-d5c6950d210f",
|
|
"ipv4-addr--5950fd75-962c-42bb-bee7-d5c6950d210f",
|
|
"indicator--5950fd75-7a1c-4a3f-97bf-8c2d950d210f",
|
|
"indicator--5950fd75-4ba0-4ab0-9db6-476b950d210f",
|
|
"observed-data--5950fd75-d970-4299-97e5-4110950d210f",
|
|
"network-traffic--5950fd75-d970-4299-97e5-4110950d210f",
|
|
"ipv4-addr--5950fd75-d970-4299-97e5-4110950d210f",
|
|
"indicator--5950fd76-8afc-4360-9545-837b950d210f",
|
|
"indicator--5950fd76-add8-407b-b230-4dd0950d210f",
|
|
"observed-data--5950fd76-9fb4-4030-bcf1-49ae950d210f",
|
|
"network-traffic--5950fd76-9fb4-4030-bcf1-49ae950d210f",
|
|
"ipv4-addr--5950fd76-9fb4-4030-bcf1-49ae950d210f",
|
|
"indicator--5950fd76-c6b0-4b04-9090-41f8950d210f",
|
|
"indicator--5950fd76-6360-41a9-b7e0-8380950d210f",
|
|
"observed-data--5950fd77-3614-4a0a-b774-479a950d210f",
|
|
"network-traffic--5950fd77-3614-4a0a-b774-479a950d210f",
|
|
"ipv4-addr--5950fd77-3614-4a0a-b774-479a950d210f",
|
|
"indicator--5950fd77-8d94-4d57-87f8-da14950d210f",
|
|
"indicator--5950fd77-8974-478e-bb27-416b950d210f",
|
|
"observed-data--5950fd77-c594-4ebe-bcc2-458a950d210f",
|
|
"network-traffic--5950fd77-c594-4ebe-bcc2-458a950d210f",
|
|
"ipv4-addr--5950fd77-c594-4ebe-bcc2-458a950d210f",
|
|
"indicator--5950fd77-ee90-488b-a7bf-8c36950d210f",
|
|
"indicator--5950fd77-e968-47a0-8766-48e5950d210f",
|
|
"observed-data--5950fd78-147c-4ad2-afe4-4be9950d210f",
|
|
"network-traffic--5950fd78-147c-4ad2-afe4-4be9950d210f",
|
|
"ipv4-addr--5950fd78-147c-4ad2-afe4-4be9950d210f",
|
|
"indicator--5950fd78-51bc-4f38-91e6-485d950d210f",
|
|
"indicator--5950fd78-59a4-49eb-85ba-4928950d210f",
|
|
"observed-data--5950fd7c-9d1c-4035-9a61-449c950d210f",
|
|
"network-traffic--5950fd7c-9d1c-4035-9a61-449c950d210f",
|
|
"ipv4-addr--5950fd7c-9d1c-4035-9a61-449c950d210f",
|
|
"indicator--5950fd7c-5258-4ffb-9172-d5c6950d210f",
|
|
"indicator--5950fd7c-2a64-4272-96d9-8c2d950d210f",
|
|
"observed-data--5950fd7d-d5b8-4f78-ae23-44ce950d210f",
|
|
"network-traffic--5950fd7d-d5b8-4f78-ae23-44ce950d210f",
|
|
"ipv4-addr--5950fd7d-d5b8-4f78-ae23-44ce950d210f",
|
|
"indicator--5950fd7d-dc30-499a-a88b-4a6e950d210f",
|
|
"indicator--5950fd7d-3b44-4fee-99ec-837b950d210f",
|
|
"observed-data--5950fd7d-d680-4ddd-a83f-44bd950d210f",
|
|
"network-traffic--5950fd7d-d680-4ddd-a83f-44bd950d210f",
|
|
"ipv4-addr--5950fd7d-d680-4ddd-a83f-44bd950d210f",
|
|
"indicator--5950fd7d-f2e4-40bd-9f4d-40a7950d210f",
|
|
"indicator--5950fd7d-4868-4609-9581-4641950d210f",
|
|
"observed-data--5950fd7e-1c98-4f7d-9382-8380950d210f",
|
|
"network-traffic--5950fd7e-1c98-4f7d-9382-8380950d210f",
|
|
"ipv4-addr--5950fd7e-1c98-4f7d-9382-8380950d210f",
|
|
"indicator--5950fd7e-acd4-4e79-95aa-41e3950d210f",
|
|
"indicator--5950fd7e-80e8-4bed-bf52-da14950d210f",
|
|
"observed-data--5950fd7f-fc3c-42cc-8e5e-43a1950d210f",
|
|
"network-traffic--5950fd7f-fc3c-42cc-8e5e-43a1950d210f",
|
|
"ipv4-addr--5950fd7f-fc3c-42cc-8e5e-43a1950d210f",
|
|
"indicator--5950fd7f-ac14-48e3-9d62-4f5f950d210f",
|
|
"indicator--5950fd7f-5618-42b5-bb76-8c36950d210f",
|
|
"observed-data--5950fd7f-0180-41bd-9ad0-425b950d210f",
|
|
"network-traffic--5950fd7f-0180-41bd-9ad0-425b950d210f",
|
|
"ipv4-addr--5950fd7f-0180-41bd-9ad0-425b950d210f",
|
|
"indicator--5950fd7f-1f48-4c75-b1e3-4377950d210f",
|
|
"indicator--5950fd80-ec38-46c9-89ed-46d5950d210f",
|
|
"observed-data--5950fd80-77e4-4071-aee0-453e950d210f",
|
|
"network-traffic--5950fd80-77e4-4071-aee0-453e950d210f",
|
|
"ipv4-addr--5950fd80-77e4-4071-aee0-453e950d210f",
|
|
"indicator--5950fd80-1c58-48ca-8f0f-4349950d210f",
|
|
"indicator--5950fd80-83a4-4610-a04b-d5c6950d210f",
|
|
"indicator--5950fd81-fe38-4658-b4e2-4291950d210f",
|
|
"indicator--5950fd81-0614-4b67-875c-4095950d210f",
|
|
"observed-data--5950fd82-b208-4063-9b0a-837b950d210f",
|
|
"network-traffic--5950fd82-b208-4063-9b0a-837b950d210f",
|
|
"ipv4-addr--5950fd82-b208-4063-9b0a-837b950d210f",
|
|
"indicator--5950fd82-c300-4c24-a72e-45a3950d210f",
|
|
"indicator--5950fd82-0cc4-41d9-8d4e-8380950d210f",
|
|
"observed-data--5950fd82-bcc8-4f7d-80ac-4a52950d210f",
|
|
"network-traffic--5950fd82-bcc8-4f7d-80ac-4a52950d210f",
|
|
"ipv4-addr--5950fd82-bcc8-4f7d-80ac-4a52950d210f",
|
|
"indicator--5950fd82-8808-4e91-8c17-da14950d210f",
|
|
"indicator--5950fd82-5fd8-48fa-94b3-44f1950d210f",
|
|
"observed-data--5950fd83-3584-4b22-8dc9-49bf950d210f",
|
|
"network-traffic--5950fd83-3584-4b22-8dc9-49bf950d210f",
|
|
"ipv4-addr--5950fd83-3584-4b22-8dc9-49bf950d210f",
|
|
"indicator--5950fd83-aa74-4e10-a644-8c36950d210f",
|
|
"indicator--5950fd83-4170-4e98-9cd7-4394950d210f",
|
|
"observed-data--5950fd83-f8cc-4d18-adf2-4aad950d210f",
|
|
"network-traffic--5950fd83-f8cc-4d18-adf2-4aad950d210f",
|
|
"ipv4-addr--5950fd83-f8cc-4d18-adf2-4aad950d210f",
|
|
"indicator--5950fd83-2334-4b8c-9a82-4da9950d210f",
|
|
"indicator--5950fd83-dd48-43ef-881f-4f83950d210f",
|
|
"observed-data--5950fd84-fa64-4787-9378-40b6950d210f",
|
|
"network-traffic--5950fd84-fa64-4787-9378-40b6950d210f",
|
|
"ipv4-addr--5950fd84-fa64-4787-9378-40b6950d210f",
|
|
"indicator--5950fd84-12b8-4b95-82d8-d5c6950d210f",
|
|
"indicator--5950fd84-c064-4286-a62a-8c2d950d210f",
|
|
"indicator--5950fd84-cd8c-4a09-a479-4aca950d210f",
|
|
"indicator--5950fd84-1a5c-4406-8bb5-837b950d210f",
|
|
"observed-data--5950fd84-2f5c-4797-a937-49ff950d210f",
|
|
"network-traffic--5950fd84-2f5c-4797-a937-49ff950d210f",
|
|
"ipv4-addr--5950fd84-2f5c-4797-a937-49ff950d210f",
|
|
"observed-data--5950fd85-273c-4136-88cb-4d65950d210f",
|
|
"url--5950fd85-273c-4136-88cb-4d65950d210f",
|
|
"observed-data--5950fd85-6ee4-4777-b593-4a1d950d210f",
|
|
"network-traffic--5950fd85-6ee4-4777-b593-4a1d950d210f",
|
|
"ipv4-addr--5950fd85-6ee4-4777-b593-4a1d950d210f",
|
|
"indicator--5950fd85-b47c-45b9-b5d3-4c9c950d210f",
|
|
"indicator--5950fd85-732c-44e7-989a-4485950d210f",
|
|
"indicator--5950fd85-1ae4-4d50-bcaf-8c36950d210f",
|
|
"indicator--5950fd86-d2e4-47c6-99e6-4d25950d210f",
|
|
"indicator--5950fd86-d3b4-4136-b28e-464f950d210f",
|
|
"indicator--5950fd86-1ad0-405a-8435-d5c6950d210f",
|
|
"indicator--5950fd86-9ce4-4ed4-a3b2-4d28950d210f",
|
|
"indicator--5950fd86-8be8-4bdd-a4b5-4e4d950d210f",
|
|
"indicator--5950fd87-04f0-49d5-9cc6-4182950d210f",
|
|
"indicator--5950fd87-cf90-4245-814a-8380950d210f",
|
|
"observed-data--5950fd87-4448-49c5-86e3-da14950d210f",
|
|
"network-traffic--5950fd87-4448-49c5-86e3-da14950d210f",
|
|
"ipv4-addr--5950fd87-4448-49c5-86e3-da14950d210f",
|
|
"indicator--5950fd87-6ab0-4232-ba84-46c2950d210f",
|
|
"indicator--5950fd87-c8c8-4a22-96c2-4d4a950d210f",
|
|
"indicator--5950fd88-9864-4ad0-9799-4f7b950d210f",
|
|
"indicator--5950fd88-c050-4be1-97ca-475e950d210f",
|
|
"indicator--5950fd88-e518-4eee-ba9c-43a0950d210f",
|
|
"indicator--5950fd88-7b24-4d86-a525-837b950d210f",
|
|
"indicator--5950fd89-ecdc-4bea-8502-402e950d210f",
|
|
"indicator--5950fd89-1710-4191-b4aa-4142950d210f",
|
|
"indicator--5950fd8a-f368-46ff-acfc-4c07950d210f",
|
|
"indicator--5950fd8a-b1fc-48ca-9a58-47be950d210f",
|
|
"indicator--5950fd8a-53ec-4ca3-b1cd-4f60950d210f",
|
|
"indicator--5950fd8a-c648-4bd7-bd2a-41b6950d210f",
|
|
"indicator--5950fd8a-706c-479d-85fd-4314950d210f",
|
|
"indicator--5950fd8a-b3d4-4237-b116-d5c6950d210f",
|
|
"observed-data--5950fd8b-4dbc-4add-9128-8c2d950d210f",
|
|
"url--5950fd8b-4dbc-4add-9128-8c2d950d210f",
|
|
"observed-data--5950fd8b-18e8-47aa-a967-4307950d210f",
|
|
"url--5950fd8b-18e8-47aa-a967-4307950d210f",
|
|
"indicator--59520c72-7e94-43f2-8137-420a02de0b81",
|
|
"indicator--59520c72-56e8-4410-8fef-4fa902de0b81",
|
|
"observed-data--59520c72-9c5c-4ba2-acb7-41ac02de0b81",
|
|
"url--59520c72-9c5c-4ba2-acb7-41ac02de0b81",
|
|
"indicator--59520c72-0a38-4956-9dae-43c002de0b81",
|
|
"indicator--59520c72-f4dc-4d5f-882e-42d302de0b81",
|
|
"observed-data--59520c72-2144-4121-9e0b-472102de0b81",
|
|
"url--59520c72-2144-4121-9e0b-472102de0b81",
|
|
"indicator--59520c72-cd68-44d0-b41d-4d5a02de0b81",
|
|
"indicator--59520c72-685c-4d5f-b8a1-446702de0b81",
|
|
"observed-data--59520c72-d140-4f82-8e97-4a6802de0b81",
|
|
"url--59520c72-d140-4f82-8e97-4a6802de0b81",
|
|
"indicator--59520c72-9668-4c7f-9f84-4c0402de0b81",
|
|
"indicator--59520c72-3a80-4949-8267-48b002de0b81",
|
|
"observed-data--59520c72-de58-4283-ad79-42b902de0b81",
|
|
"url--59520c72-de58-4283-ad79-42b902de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6c-22a0-4e69-bd33-48eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8d36150d3c7bc8b110aa5043d5a627ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6c-bae0-4a8a-a6f5-466b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '42bfb1b88507e786265705d52c111c3b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6c-3bf4-4e21-a9b2-4997950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'af5b3827d56e2f046b59f37fc17b5605']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6c-952c-49f6-98e2-498e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ebabb63dcfc05da4a75d156ae5a38cf50e5cd1aea17abc6f59adfe463bb5b21a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6d-e354-47aa-b450-8c2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://1010technologies.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6d-b1b8-4c62-9ee3-4e09950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = '1010technologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd6d-ab0c-4626-a495-4343950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd6d-ab0c-4626-a495-4343950d210f",
|
|
"ipv4-addr--5950fd6d-ab0c-4626-a495-4343950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd6d-ab0c-4626-a495-4343950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd6d-ab0c-4626-a495-4343950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd6d-ab0c-4626-a495-4343950d210f",
|
|
"value": "66.115.159.76"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6d-1230-42ac-abbc-837b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://1time.nl/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6d-66fc-43cf-aaba-4ba1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = '1time.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd6d-26c8-4708-9693-4d91950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd6d-26c8-4708-9693-4d91950d210f",
|
|
"ipv4-addr--5950fd6d-26c8-4708-9693-4d91950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd6d-26c8-4708-9693-4d91950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd6d-26c8-4708-9693-4d91950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd6d-26c8-4708-9693-4d91950d210f",
|
|
"value": "213.247.45.147"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6e-7dd4-4d83-9abd-4597950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://actiononsports.net/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6e-6d6c-4042-8934-8380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'actiononsports.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd6e-8300-4e79-af37-4e41950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd6e-8300-4e79-af37-4e41950d210f",
|
|
"ipv4-addr--5950fd6e-8300-4e79-af37-4e41950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd6e-8300-4e79-af37-4e41950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd6e-8300-4e79-af37-4e41950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd6e-8300-4e79-af37-4e41950d210f",
|
|
"value": "200.91.87.50"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6e-25bc-46f4-b7fe-da14950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://asathlon.it/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6e-7b10-4fc5-b2c6-43d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'asathlon.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd6f-100c-46b1-a61b-4376950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd6f-100c-46b1-a61b-4376950d210f",
|
|
"ipv4-addr--5950fd6f-100c-46b1-a61b-4376950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd6f-100c-46b1-a61b-4376950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd6f-100c-46b1-a61b-4376950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd6f-100c-46b1-a61b-4376950d210f",
|
|
"value": "151.1.182.11"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6f-e7b4-44e3-8d67-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://brontorittoozzo.com/af/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd6f-d894-4534-81fb-44e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'brontorittoozzo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd74-9b04-4c8a-9c97-4d5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd74-9b04-4c8a-9c97-4d5a950d210f",
|
|
"ipv4-addr--5950fd74-9b04-4c8a-9c97-4d5a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd74-9b04-4c8a-9c97-4d5a950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd74-9b04-4c8a-9c97-4d5a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd74-9b04-4c8a-9c97-4d5a950d210f",
|
|
"value": "46.173.218.214"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd74-2208-4df9-9609-4f6e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd74-2208-4df9-9609-4f6e950d210f",
|
|
"ipv4-addr--5950fd74-2208-4df9-9609-4f6e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd74-2208-4df9-9609-4f6e950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd74-2208-4df9-9609-4f6e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd74-2208-4df9-9609-4f6e950d210f",
|
|
"value": "46.173.218.249"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd74-e6fc-4e1d-b781-4616950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://chocolatesbazaar.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd75-e08c-46c4-b04c-4f20950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'chocolatesbazaar.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd75-962c-42bb-bee7-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd75-962c-42bb-bee7-d5c6950d210f",
|
|
"ipv4-addr--5950fd75-962c-42bb-bee7-d5c6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd75-962c-42bb-bee7-d5c6950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd75-962c-42bb-bee7-d5c6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd75-962c-42bb-bee7-d5c6950d210f",
|
|
"value": "103.195.185.86"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd75-7a1c-4a3f-97bf-8c2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://dansstudio-arabesque.be/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd75-4ba0-4ab0-9db6-476b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'dansstudio-arabesque.be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd75-d970-4299-97e5-4110950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd75-d970-4299-97e5-4110950d210f",
|
|
"ipv4-addr--5950fd75-d970-4299-97e5-4110950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd75-d970-4299-97e5-4110950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd75-d970-4299-97e5-4110950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd75-d970-4299-97e5-4110950d210f",
|
|
"value": "188.165.245.131"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd76-8afc-4360-9545-837b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://ddplgroup.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd76-add8-407b-b230-4dd0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'ddplgroup.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd76-9fb4-4030-bcf1-49ae950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd76-9fb4-4030-bcf1-49ae950d210f",
|
|
"ipv4-addr--5950fd76-9fb4-4030-bcf1-49ae950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd76-9fb4-4030-bcf1-49ae950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd76-9fb4-4030-bcf1-49ae950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd76-9fb4-4030-bcf1-49ae950d210f",
|
|
"value": "208.91.198.172"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd76-c6b0-4b04-9090-41f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://drzewina.pl/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd76-6360-41a9-b7e0-8380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'drzewina.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd77-3614-4a0a-b774-479a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd77-3614-4a0a-b774-479a950d210f",
|
|
"ipv4-addr--5950fd77-3614-4a0a-b774-479a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd77-3614-4a0a-b774-479a950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd77-3614-4a0a-b774-479a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd77-3614-4a0a-b774-479a950d210f",
|
|
"value": "79.96.81.157"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd77-8d94-4d57-87f8-da14950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://fursath.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd77-8974-478e-bb27-416b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'fursath.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd77-c594-4ebe-bcc2-458a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd77-c594-4ebe-bcc2-458a950d210f",
|
|
"ipv4-addr--5950fd77-c594-4ebe-bcc2-458a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd77-c594-4ebe-bcc2-458a950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd77-c594-4ebe-bcc2-458a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd77-c594-4ebe-bcc2-458a950d210f",
|
|
"value": "103.53.42.209"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd77-ee90-488b-a7bf-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://ibudian.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd77-e968-47a0-8766-48e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'ibudian.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd78-147c-4ad2-afe4-4be9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd78-147c-4ad2-afe4-4be9950d210f",
|
|
"ipv4-addr--5950fd78-147c-4ad2-afe4-4be9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd78-147c-4ad2-afe4-4be9950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd78-147c-4ad2-afe4-4be9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd78-147c-4ad2-afe4-4be9950d210f",
|
|
"value": "122.9.52.203"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd78-51bc-4f38-91e6-485d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://image.ddianle.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd78-59a4-49eb-85ba-4928950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'image.ddianle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd7c-9d1c-4035-9a61-449c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd7c-9d1c-4035-9a61-449c950d210f",
|
|
"ipv4-addr--5950fd7c-9d1c-4035-9a61-449c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd7c-9d1c-4035-9a61-449c950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd7c-9d1c-4035-9a61-449c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd7c-9d1c-4035-9a61-449c950d210f",
|
|
"value": "218.92.226.47"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7c-5258-4ffb-9172-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://itbouquet.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7c-2a64-4272-96d9-8c2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'itbouquet.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd7d-d5b8-4f78-ae23-44ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd7d-d5b8-4f78-ae23-44ce950d210f",
|
|
"ipv4-addr--5950fd7d-d5b8-4f78-ae23-44ce950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd7d-d5b8-4f78-ae23-44ce950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd7d-d5b8-4f78-ae23-44ce950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd7d-d5b8-4f78-ae23-44ce950d210f",
|
|
"value": "115.186.148.123"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7d-dc30-499a-a88b-4a6e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://malamalamak9.net/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7d-3b44-4fee-99ec-837b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'malamalamak9.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd7d-d680-4ddd-a83f-44bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd7d-d680-4ddd-a83f-44bd950d210f",
|
|
"ipv4-addr--5950fd7d-d680-4ddd-a83f-44bd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd7d-d680-4ddd-a83f-44bd950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd7d-d680-4ddd-a83f-44bd950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd7d-d680-4ddd-a83f-44bd950d210f",
|
|
"value": "74.122.121.8"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7d-f2e4-40bd-9f4d-40a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://melakatropical.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7d-4868-4609-9581-4641950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'melakatropical.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd7e-1c98-4f7d-9382-8380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd7e-1c98-4f7d-9382-8380950d210f",
|
|
"ipv4-addr--5950fd7e-1c98-4f7d-9382-8380950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd7e-1c98-4f7d-9382-8380950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd7e-1c98-4f7d-9382-8380950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd7e-1c98-4f7d-9382-8380950d210f",
|
|
"value": "113.23.219.24"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7e-acd4-4e79-95aa-41e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://partyangel.in/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7e-80e8-4bed-bf52-da14950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'partyangel.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd7f-fc3c-42cc-8e5e-43a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd7f-fc3c-42cc-8e5e-43a1950d210f",
|
|
"ipv4-addr--5950fd7f-fc3c-42cc-8e5e-43a1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd7f-fc3c-42cc-8e5e-43a1950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd7f-fc3c-42cc-8e5e-43a1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd7f-fc3c-42cc-8e5e-43a1950d210f",
|
|
"value": "103.50.162.56"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7f-ac14-48e3-9d62-4f5f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://polistar.net/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7f-5618-42b5-bb76-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'polistar.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd7f-0180-41bd-9ad0-425b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd7f-0180-41bd-9ad0-425b950d210f",
|
|
"ipv4-addr--5950fd7f-0180-41bd-9ad0-425b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd7f-0180-41bd-9ad0-425b950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd7f-0180-41bd-9ad0-425b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd7f-0180-41bd-9ad0-425b950d210f",
|
|
"value": "89.111.176.93"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd7f-1f48-4c75-b1e3-4377950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://rakwhitecement.ae/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd80-ec38-46c9-89ed-46d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'rakwhitecement.ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd80-77e4-4071-aee0-453e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd80-77e4-4071-aee0-453e950d210f",
|
|
"ipv4-addr--5950fd80-77e4-4071-aee0-453e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd80-77e4-4071-aee0-453e950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd80-77e4-4071-aee0-453e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd80-77e4-4071-aee0-453e950d210f",
|
|
"value": "69.65.3.213"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd80-1c58-48ca-8f0f-4349950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://randomessstioprottoy.net/af/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd80-83a4-4610-a04b-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'randomessstioprottoy.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd81-fe38-4658-b4e2-4291950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://rotarychieti.it/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd81-0614-4b67-875c-4095950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'rotarychieti.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd82-b208-4063-9b0a-837b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd82-b208-4063-9b0a-837b950d210f",
|
|
"ipv4-addr--5950fd82-b208-4063-9b0a-837b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd82-b208-4063-9b0a-837b950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd82-b208-4063-9b0a-837b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd82-b208-4063-9b0a-837b950d210f",
|
|
"value": "151.1.182.14"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd82-c300-4c24-a72e-45a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://skyfling.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd82-0cc4-41d9-8d4e-8380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'skyfling.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd82-bcc8-4f7d-80ac-4a52950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd82-bcc8-4f7d-80ac-4a52950d210f",
|
|
"ipv4-addr--5950fd82-bcc8-4f7d-80ac-4a52950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd82-bcc8-4f7d-80ac-4a52950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd82-bcc8-4f7d-80ac-4a52950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd82-bcc8-4f7d-80ac-4a52950d210f",
|
|
"value": "103.53.42.51"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd82-8808-4e91-8c17-da14950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://unitedtanga.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd82-5fd8-48fa-94b3-44f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'unitedtanga.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd83-3584-4b22-8dc9-49bf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd83-3584-4b22-8dc9-49bf950d210f",
|
|
"ipv4-addr--5950fd83-3584-4b22-8dc9-49bf950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd83-3584-4b22-8dc9-49bf950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd83-3584-4b22-8dc9-49bf950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd83-3584-4b22-8dc9-49bf950d210f",
|
|
"value": "98.124.251.68"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd83-aa74-4e10-a644-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://veecans.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd83-4170-4e98-9cd7-4394950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'veecans.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd83-f8cc-4d18-adf2-4aad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd83-f8cc-4d18-adf2-4aad950d210f",
|
|
"ipv4-addr--5950fd83-f8cc-4d18-adf2-4aad950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd83-f8cc-4d18-adf2-4aad950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd83-f8cc-4d18-adf2-4aad950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd83-f8cc-4d18-adf2-4aad950d210f",
|
|
"value": "203.195.235.254"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd83-2334-4b8c-9a82-4da9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://www.losangelesrelocationservices.net/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd83-dd48-43ef-881f-4f83950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'www.losangelesrelocationservices.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd84-fa64-4787-9378-40b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd84-fa64-4787-9378-40b6950d210f",
|
|
"ipv4-addr--5950fd84-fa64-4787-9378-40b6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd84-fa64-4787-9378-40b6950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd84-fa64-4787-9378-40b6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd84-fa64-4787-9378-40b6950d210f",
|
|
"value": "67.55.90.212"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd84-12b8-4b95-82d8-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://www.manhattanbeachmovers.net/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd84-c064-4286-a62a-8c2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'www.manhattanbeachmovers.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd84-cd8c-4a09-a479-4aca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://xn----8sb4abph0af.com/Hhbdg47bn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd84-1a5c-4406-8bb5-837b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'xn----8sb4abph0af.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd84-2f5c-4797-a937-49ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd84-2f5c-4797-a937-49ff950d210f",
|
|
"ipv4-addr--5950fd84-2f5c-4797-a937-49ff950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd84-2f5c-4797-a937-49ff950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd84-2f5c-4797-a937-49ff950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd84-2f5c-4797-a937-49ff950d210f",
|
|
"value": "51.255.157.19"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd85-273c-4136-88cb-4d65950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950fd85-273c-4136-88cb-4d65950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950fd85-273c-4136-88cb-4d65950d210f",
|
|
"value": "http://91.234.34.98/checkupdate"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd85-6ee4-4777-b593-4a1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd85-6ee4-4777-b593-4a1d950d210f",
|
|
"ipv4-addr--5950fd85-6ee4-4777-b593-4a1d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd85-6ee4-4777-b593-4a1d950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd85-6ee4-4777-b593-4a1d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd85-6ee4-4777-b593-4a1d950d210f",
|
|
"value": "91.234.34.98"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd85-b47c-45b9-b5d3-4c9c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://kboxvbjgwi.info/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd85-732c-44e7-989a-4485950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'kboxvbjgwi.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd85-1ae4-4d50-bcaf-8c36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://vvkvmthkd.su/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd86-d2e4-47c6-99e6-4d25950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'vvkvmthkd.su']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd86-d3b4-4136-b28e-464f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://pqlwchtrgd.pl/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd86-1ad0-405a-8435-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'pqlwchtrgd.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd86-9ce4-4ed4-a3b2-4d28950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://kupemmvnrq.ru/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd86-8be8-4bdd-a4b5-4e4d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'kupemmvnrq.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd87-04f0-49d5-9cc6-4182950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://dcsjhynuumapts.pw/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd87-cf90-4245-814a-8380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'dcsjhynuumapts.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd87-4448-49c5-86e3-da14950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5950fd87-4448-49c5-86e3-da14950d210f",
|
|
"ipv4-addr--5950fd87-4448-49c5-86e3-da14950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5950fd87-4448-49c5-86e3-da14950d210f",
|
|
"dst_ref": "ipv4-addr--5950fd87-4448-49c5-86e3-da14950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5950fd87-4448-49c5-86e3-da14950d210f",
|
|
"value": "141.8.226.58"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd87-6ab0-4232-ba84-46c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://iinkradpfxl.info/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd87-c8c8-4a22-96c2-4d4a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'iinkradpfxl.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd88-9864-4ad0-9799-4f7b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://nrtxrnwkplkdj.su/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd88-c050-4be1-97ca-475e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'nrtxrnwkplkdj.su']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd88-e518-4eee-ba9c-43a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://kfidytpvivromr.work/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd88-7b24-4d86-a525-837b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'kfidytpvivromr.work']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd89-ecdc-4bea-8502-402e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://oynnqys.pw/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd89-1710-4191-b4aa-4142950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'oynnqys.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd8a-f368-46ff-acfc-4c07950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://qdswhqqkjdsfie.click/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd8a-b1fc-48ca-9a58-47be950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'qdswhqqkjdsfie.click']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd8a-53ec-4ca3-b1cd-4f60950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://nmikanoyrxt.su/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd8a-c648-4bd7-bd2a-41b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'nmikanoyrxt.su']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd8a-706c-479d-85fd-4314950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[url:value = 'http://dreextfvhrcdk.org/checkupdate']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5950fd8a-b3d4-4237-b116-d5c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"pattern": "[domain-name:value = 'dreextfvhrcdk.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd8b-4dbc-4add-9128-8c2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950fd8b-4dbc-4add-9128-8c2d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950fd8b-4dbc-4add-9128-8c2d950d210f",
|
|
"value": "https://virustotal.com/en/file/ebabb63dcfc05da4a75d156ae5a38cf50e5cd1aea17abc6f59adfe463bb5b21a/analysis/1498208174/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5950fd8b-18e8-47aa-a967-4307950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:40.000Z",
|
|
"modified": "2017-06-27T07:42:40.000Z",
|
|
"first_observed": "2017-06-27T07:42:40Z",
|
|
"last_observed": "2017-06-27T07:42:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5950fd8b-18e8-47aa-a967-4307950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5950fd8b-18e8-47aa-a967-4307950d210f",
|
|
"value": "https://www.hybrid-analysis.com/sample/ebabb63dcfc05da4a75d156ae5a38cf50e5cd1aea17abc6f59adfe463bb5b21a?environmentId=100"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59520c72-7e94-43f2-8137-420a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"description": "- Xchecked via VT: ebabb63dcfc05da4a75d156ae5a38cf50e5cd1aea17abc6f59adfe463bb5b21a",
|
|
"pattern": "[file:hashes.SHA1 = '8e4bc0294d32ae9277e01449e3e8d2350578f37f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59520c72-56e8-4410-8fef-4fa902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"description": "- Xchecked via VT: ebabb63dcfc05da4a75d156ae5a38cf50e5cd1aea17abc6f59adfe463bb5b21a",
|
|
"pattern": "[file:hashes.MD5 = 'bc6c0a150d5b1ebd9b082b7d7462cc2b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59520c72-9c5c-4ba2-acb7-41ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"first_observed": "2017-06-27T07:42:42Z",
|
|
"last_observed": "2017-06-27T07:42:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59520c72-9c5c-4ba2-acb7-41ac02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59520c72-9c5c-4ba2-acb7-41ac02de0b81",
|
|
"value": "https://www.virustotal.com/file/ebabb63dcfc05da4a75d156ae5a38cf50e5cd1aea17abc6f59adfe463bb5b21a/analysis/1498526650/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59520c72-0a38-4956-9dae-43c002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"description": "- Xchecked via VT: af5b3827d56e2f046b59f37fc17b5605",
|
|
"pattern": "[file:hashes.SHA256 = '3ea564895c47e0273517f49128be37187eebaf8fe46082528e230a139421255f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59520c72-f4dc-4d5f-882e-42d302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"description": "- Xchecked via VT: af5b3827d56e2f046b59f37fc17b5605",
|
|
"pattern": "[file:hashes.SHA1 = '7f59ca3d1373632b767ddd8ee14f421f3a483c63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59520c72-2144-4121-9e0b-472102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"first_observed": "2017-06-27T07:42:42Z",
|
|
"last_observed": "2017-06-27T07:42:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59520c72-2144-4121-9e0b-472102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59520c72-2144-4121-9e0b-472102de0b81",
|
|
"value": "https://www.virustotal.com/file/3ea564895c47e0273517f49128be37187eebaf8fe46082528e230a139421255f/analysis/1498533718/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59520c72-cd68-44d0-b41d-4d5a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"description": "- Xchecked via VT: 42bfb1b88507e786265705d52c111c3b",
|
|
"pattern": "[file:hashes.SHA256 = 'd2a76a25e573eb042c53dfcc2312980a6599518a5768e6a05e01ca739bdab399']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59520c72-685c-4d5f-b8a1-446702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"description": "- Xchecked via VT: 42bfb1b88507e786265705d52c111c3b",
|
|
"pattern": "[file:hashes.SHA1 = '83bd4445931971c411ac3b799358ece6f4cbc08e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59520c72-d140-4f82-8e97-4a6802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"first_observed": "2017-06-27T07:42:42Z",
|
|
"last_observed": "2017-06-27T07:42:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59520c72-d140-4f82-8e97-4a6802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59520c72-d140-4f82-8e97-4a6802de0b81",
|
|
"value": "https://www.virustotal.com/file/d2a76a25e573eb042c53dfcc2312980a6599518a5768e6a05e01ca739bdab399/analysis/1498446443/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59520c72-9668-4c7f-9f84-4c0402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"description": "- Xchecked via VT: 8d36150d3c7bc8b110aa5043d5a627ea",
|
|
"pattern": "[file:hashes.SHA256 = '1eebffe4e40745c90c4eb238ea35184150a87b28acafcd3d538804a11f554045']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59520c72-3a80-4949-8267-48b002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"description": "- Xchecked via VT: 8d36150d3c7bc8b110aa5043d5a627ea",
|
|
"pattern": "[file:hashes.SHA1 = 'abbae4c68f1c63b5cf901dbf58dc42a95fc2e231']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-27T07:42:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59520c72-de58-4283-ad79-42b902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-27T07:42:42.000Z",
|
|
"modified": "2017-06-27T07:42:42.000Z",
|
|
"first_observed": "2017-06-27T07:42:42Z",
|
|
"last_observed": "2017-06-27T07:42:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59520c72-de58-4283-ad79-42b902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59520c72-de58-4283-ad79-42b902de0b81",
|
|
"value": "https://www.virustotal.com/file/1eebffe4e40745c90c4eb238ea35184150a87b28acafcd3d538804a11f554045/analysis/1498446427/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |