{
|
|
"type": "bundle",
|
|
"id": "bundle--59b2b3c1-f0e0-4c07-9577-7f0b950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:18:15.000Z",
|
|
"modified": "2017-09-08T15:18:15.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--59b2b3c1-f0e0-4c07-9577-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:18:15.000Z",
|
|
"modified": "2017-09-08T15:18:15.000Z",
|
|
"name": "M2M - Locky 2017-09-06 : Affid=3 : \"Voice Message from 011234567890 - name unavailable\" - /message.html links",
|
|
"published": "2017-09-08T15:18:25Z",
|
|
"object_refs": [
|
|
"indicator--59b2b3c2-2838-45d6-80c8-7959950d210f",
|
|
"indicator--59b2b3c3-b4bc-444f-b1bd-2df1950d210f",
|
|
"indicator--59b2b3c3-7804-459c-99e9-7e8e950d210f",
|
|
"indicator--59b2b3c3-f8f4-4664-b556-4c21950d210f",
|
|
"indicator--59b2b3c3-ab1c-4bcc-8cd7-7d59950d210f",
|
|
"observed-data--59b2b3c4-972c-434f-af0b-47cf950d210f",
|
|
"network-traffic--59b2b3c4-972c-434f-af0b-47cf950d210f",
|
|
"ipv4-addr--59b2b3c4-972c-434f-af0b-47cf950d210f",
|
|
"indicator--59b2b3c4-a548-41ad-8fae-4a5b950d210f",
|
|
"indicator--59b2b3c4-ec00-429f-b256-4b66950d210f",
|
|
"observed-data--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f",
|
|
"network-traffic--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f",
|
|
"ipv4-addr--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f",
|
|
"indicator--59b2b3c5-ebc0-4dbb-b094-477a950d210f",
|
|
"indicator--59b2b3c5-ca6c-4a5a-bc77-7920950d210f",
|
|
"observed-data--59b2b3c5-03f0-450c-9780-44dd950d210f",
|
|
"network-traffic--59b2b3c5-03f0-450c-9780-44dd950d210f",
|
|
"ipv4-addr--59b2b3c5-03f0-450c-9780-44dd950d210f",
|
|
"indicator--59b2b3c6-d898-43e9-8afe-7f0b950d210f",
|
|
"indicator--59b2b3c6-40b8-4269-930b-7c5a950d210f",
|
|
"observed-data--59b2b3c7-82dc-4de5-8e78-4f46950d210f",
|
|
"network-traffic--59b2b3c7-82dc-4de5-8e78-4f46950d210f",
|
|
"ipv4-addr--59b2b3c7-82dc-4de5-8e78-4f46950d210f",
|
|
"indicator--59b2b3c7-75b8-428f-8f17-4bea950d210f",
|
|
"indicator--59b2b3c7-cd54-4b10-9333-46df950d210f",
|
|
"observed-data--59b2b3c7-e47c-4768-97ba-7959950d210f",
|
|
"network-traffic--59b2b3c7-e47c-4768-97ba-7959950d210f",
|
|
"ipv4-addr--59b2b3c7-e47c-4768-97ba-7959950d210f",
|
|
"indicator--59b2b3c7-dac0-4340-8274-2df1950d210f",
|
|
"indicator--59b2b3c8-e93c-4d02-9e10-7e8e950d210f",
|
|
"observed-data--59b2b3c8-48c0-42f7-8b2a-45b8950d210f",
|
|
"network-traffic--59b2b3c8-48c0-42f7-8b2a-45b8950d210f",
|
|
"ipv4-addr--59b2b3c8-48c0-42f7-8b2a-45b8950d210f",
|
|
"indicator--59b2b3c8-b2f8-4678-874d-4f08950d210f",
|
|
"indicator--59b2b3c8-2b88-4483-8cbe-4d85950d210f",
|
|
"indicator--59b2b3c9-cba4-4116-a3d1-4c82950d210f",
|
|
"indicator--59b2b3c9-5e60-4c85-86ae-4940950d210f",
|
|
"indicator--59b2b3ca-3e24-4fd6-ac61-417a950d210f",
|
|
"indicator--59b2b3ca-4438-45c1-8dee-4231950d210f",
|
|
"indicator--59b2b3ca-21e4-48a9-bed4-4d73950d210f",
|
|
"indicator--59b2b3ca-f4c8-40a0-9f42-7f0b950d210f",
|
|
"indicator--59b2b3cb-ba1c-46ea-aebb-4df5950d210f",
|
|
"indicator--59b2b3cb-f5a4-402b-ab60-4b1f950d210f",
|
|
"indicator--59b2b3cc-642c-45c0-93c7-7959950d210f",
|
|
"indicator--59b2b3cc-06e0-4924-8630-4bd0950d210f",
|
|
"indicator--59b2b3cc-82e4-44f4-be70-7e8e950d210f",
|
|
"indicator--59b2b3cd-fdac-4870-95c5-43d5950d210f",
|
|
"observed-data--59b2b3cd-bdc0-4035-87e5-4e71950d210f",
|
|
"network-traffic--59b2b3cd-bdc0-4035-87e5-4e71950d210f",
|
|
"ipv4-addr--59b2b3cd-bdc0-4035-87e5-4e71950d210f",
|
|
"indicator--59b2b3cd-fc04-4608-91bc-41c2950d210f",
|
|
"indicator--59b2b3cd-b64c-408a-8c82-7d59950d210f",
|
|
"observed-data--59b2b3ce-3168-4d53-8cac-42de950d210f",
|
|
"network-traffic--59b2b3ce-3168-4d53-8cac-42de950d210f",
|
|
"ipv4-addr--59b2b3ce-3168-4d53-8cac-42de950d210f",
|
|
"indicator--59b2b3ce-9c94-4dfd-a767-43f8950d210f",
|
|
"indicator--59b2b3ce-0b60-4217-ba90-42e2950d210f",
|
|
"observed-data--59b2b3cf-7db4-4e3e-b7e6-468e950d210f",
|
|
"network-traffic--59b2b3cf-7db4-4e3e-b7e6-468e950d210f",
|
|
"ipv4-addr--59b2b3cf-7db4-4e3e-b7e6-468e950d210f",
|
|
"indicator--59b2b3d0-6b20-4163-8331-449b950d210f",
|
|
"indicator--59b2b3d0-6f6c-44aa-a920-7920950d210f",
|
|
"observed-data--59b2b3d0-c390-437f-b602-4112950d210f",
|
|
"network-traffic--59b2b3d0-c390-437f-b602-4112950d210f",
|
|
"ipv4-addr--59b2b3d0-c390-437f-b602-4112950d210f",
|
|
"indicator--59b2b3d0-c3b8-4e1c-8907-7c5a950d210f",
|
|
"indicator--59b2b3d1-5930-41ab-b736-40b6950d210f",
|
|
"observed-data--59b2b3d4-6060-4b85-9bc9-45a7950d210f",
|
|
"network-traffic--59b2b3d4-6060-4b85-9bc9-45a7950d210f",
|
|
"ipv4-addr--59b2b3d4-6060-4b85-9bc9-45a7950d210f",
|
|
"indicator--59b2b3d4-53e0-4589-89f6-463c950d210f",
|
|
"indicator--59b2b3d5-5fd8-4f59-b5ee-7920950d210f",
|
|
"observed-data--59b2b3d5-d108-4b68-870d-7f0b950d210f",
|
|
"network-traffic--59b2b3d5-d108-4b68-870d-7f0b950d210f",
|
|
"ipv4-addr--59b2b3d5-d108-4b68-870d-7f0b950d210f",
|
|
"indicator--59b2b3d5-f7ac-4644-ac8a-7c5a950d210f",
|
|
"indicator--59b2b3d5-6f24-47ee-8bdb-4318950d210f",
|
|
"indicator--59b2b3d6-8174-43d8-a9a9-4d47950d210f",
|
|
"indicator--59b2b3d6-8134-4252-9a12-7e8e950d210f",
|
|
"observed-data--59b2b3d7-90a8-4185-8f87-4402950d210f",
|
|
"network-traffic--59b2b3d7-90a8-4185-8f87-4402950d210f",
|
|
"ipv4-addr--59b2b3d7-90a8-4185-8f87-4402950d210f",
|
|
"indicator--59b2b3d7-1b9c-4132-8300-7d59950d210f",
|
|
"indicator--59b2b3d7-2254-48a2-8e0c-4525950d210f",
|
|
"observed-data--59b2b3d7-f398-4814-9027-4ad7950d210f",
|
|
"network-traffic--59b2b3d7-f398-4814-9027-4ad7950d210f",
|
|
"ipv4-addr--59b2b3d7-f398-4814-9027-4ad7950d210f",
|
|
"indicator--59b2b3d8-1ac8-4820-8ff3-7920950d210f",
|
|
"indicator--59b2b3d8-91bc-4d22-9fff-4705950d210f",
|
|
"observed-data--59b2b3d8-7b6c-4186-b167-7f0b950d210f",
|
|
"network-traffic--59b2b3d8-7b6c-4186-b167-7f0b950d210f",
|
|
"ipv4-addr--59b2b3d8-7b6c-4186-b167-7f0b950d210f",
|
|
"indicator--59b2b3d8-cc74-4659-8bd9-4a24950d210f",
|
|
"indicator--59b2b3d9-4a00-4067-bac1-442e950d210f",
|
|
"observed-data--59b2b3d9-e874-43b0-9fed-427c950d210f",
|
|
"network-traffic--59b2b3d9-e874-43b0-9fed-427c950d210f",
|
|
"ipv4-addr--59b2b3d9-e874-43b0-9fed-427c950d210f",
|
|
"indicator--59b2b3d9-56e8-4d25-ac11-45ff950d210f",
|
|
"indicator--59b2b3da-1be4-4cba-9074-7e8e950d210f",
|
|
"indicator--59b2b3da-8d5c-43f1-b93f-7d59950d210f",
|
|
"indicator--59b2b3da-f944-4513-bc6a-466d950d210f",
|
|
"observed-data--59b2b3db-de1c-4d58-ae38-4ea4950d210f",
|
|
"network-traffic--59b2b3db-de1c-4d58-ae38-4ea4950d210f",
|
|
"ipv4-addr--59b2b3db-de1c-4d58-ae38-4ea4950d210f",
|
|
"indicator--59b2b3db-ee60-4821-afb5-4a67950d210f",
|
|
"indicator--59b2b3db-c8e8-4443-ab43-4546950d210f",
|
|
"observed-data--59b2b3dc-4858-40de-b211-49d6950d210f",
|
|
"network-traffic--59b2b3dc-4858-40de-b211-49d6950d210f",
|
|
"ipv4-addr--59b2b3dc-4858-40de-b211-49d6950d210f",
|
|
"indicator--59b2b3dd-3554-4a1b-98ee-7959950d210f",
|
|
"indicator--59b2b3dd-258c-47c2-a372-2df1950d210f",
|
|
"observed-data--59b2b3dd-469c-4247-9150-4ad6950d210f",
|
|
"network-traffic--59b2b3dd-469c-4247-9150-4ad6950d210f",
|
|
"ipv4-addr--59b2b3dd-469c-4247-9150-4ad6950d210f",
|
|
"indicator--59b2b3dd-c6d8-470e-878f-42c8950d210f",
|
|
"indicator--59b2b3de-59e4-4a1e-94d9-7d59950d210f",
|
|
"observed-data--59b2b3de-c768-4027-ae23-4deb950d210f",
|
|
"network-traffic--59b2b3de-c768-4027-ae23-4deb950d210f",
|
|
"ipv4-addr--59b2b3de-c768-4027-ae23-4deb950d210f",
|
|
"indicator--59b2b3de-e200-4dc1-84a2-4ac7950d210f",
|
|
"indicator--59b2b3de-2fdc-4a02-9c79-40bc950d210f",
|
|
"observed-data--59b2b3df-b990-4243-8160-4e77950d210f",
|
|
"network-traffic--59b2b3df-b990-4243-8160-4e77950d210f",
|
|
"ipv4-addr--59b2b3df-b990-4243-8160-4e77950d210f",
|
|
"indicator--59b2b3df-83e8-4952-8d47-7c5a950d210f",
|
|
"indicator--59b2b3df-d2c8-4a6e-b592-4765950d210f",
|
|
"observed-data--59b2b3e0-6064-4a27-9db1-4ecd950d210f",
|
|
"network-traffic--59b2b3e0-6064-4a27-9db1-4ecd950d210f",
|
|
"ipv4-addr--59b2b3e0-6064-4a27-9db1-4ecd950d210f",
|
|
"indicator--59b2b3e0-15a4-40d6-b807-7dfc950d210f",
|
|
"indicator--59b2b3e0-bc40-4f66-bf26-7e8e950d210f",
|
|
"observed-data--59b2b3e1-234c-4710-9a6c-49f5950d210f",
|
|
"network-traffic--59b2b3e1-234c-4710-9a6c-49f5950d210f",
|
|
"ipv4-addr--59b2b3e1-234c-4710-9a6c-49f5950d210f",
|
|
"indicator--59b2b3e2-6d08-4509-8784-49ba950d210f",
|
|
"indicator--59b2b3e2-9178-4839-b504-4950950d210f",
|
|
"observed-data--59b2b3e2-dc0c-4b65-ba56-7920950d210f",
|
|
"network-traffic--59b2b3e2-dc0c-4b65-ba56-7920950d210f",
|
|
"ipv4-addr--59b2b3e2-dc0c-4b65-ba56-7920950d210f",
|
|
"indicator--59b2b3e2-ad5c-49c7-a917-463c950d210f",
|
|
"indicator--59b2b3e3-b5a4-4bd4-9bfd-4578950d210f",
|
|
"observed-data--59b2b3e3-a78c-43eb-ac3a-43ad950d210f",
|
|
"network-traffic--59b2b3e3-a78c-43eb-ac3a-43ad950d210f",
|
|
"ipv4-addr--59b2b3e3-a78c-43eb-ac3a-43ad950d210f",
|
|
"indicator--59b2b3e3-d0f4-40cd-9491-4645950d210f",
|
|
"indicator--59b2b3e4-a5b0-49fe-8b00-7959950d210f",
|
|
"indicator--59b2b3e4-783c-4157-81a1-7e8e950d210f",
|
|
"indicator--59b2b3e4-8550-4410-831a-4afb950d210f",
|
|
"observed-data--59b2b3e5-e874-41c2-9f56-7d59950d210f",
|
|
"network-traffic--59b2b3e5-e874-41c2-9f56-7d59950d210f",
|
|
"ipv4-addr--59b2b3e5-e874-41c2-9f56-7d59950d210f",
|
|
"indicator--59b2b3e5-2fe0-432f-b536-4f01950d210f",
|
|
"indicator--59b2b3e5-68c4-49cb-92b3-4075950d210f",
|
|
"observed-data--59b2b3e6-8ea4-4891-8df8-7920950d210f",
|
|
"network-traffic--59b2b3e6-8ea4-4891-8df8-7920950d210f",
|
|
"ipv4-addr--59b2b3e6-8ea4-4891-8df8-7920950d210f",
|
|
"indicator--59b2b3e6-ab4c-4839-9d11-7f0b950d210f",
|
|
"indicator--59b2b3e6-d2dc-4853-8da9-4628950d210f",
|
|
"observed-data--59b2b3e6-1b28-4ca7-add3-4824950d210f",
|
|
"network-traffic--59b2b3e6-1b28-4ca7-add3-4824950d210f",
|
|
"ipv4-addr--59b2b3e6-1b28-4ca7-add3-4824950d210f",
|
|
"indicator--59b2b3e6-469c-47d2-a616-45cb950d210f",
|
|
"indicator--59b2b3e7-8434-4232-8e10-7959950d210f",
|
|
"observed-data--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f",
|
|
"network-traffic--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f",
|
|
"ipv4-addr--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f",
|
|
"indicator--59b2b3e7-346c-4025-888d-7e8e950d210f",
|
|
"indicator--59b2b3e7-af44-4f15-82d2-4286950d210f",
|
|
"observed-data--59b2b3e8-f650-4fb4-b247-4d3f950d210f",
|
|
"network-traffic--59b2b3e8-f650-4fb4-b247-4d3f950d210f",
|
|
"ipv4-addr--59b2b3e8-f650-4fb4-b247-4d3f950d210f",
|
|
"indicator--59b2b3e8-242c-40ba-ac99-4346950d210f",
|
|
"indicator--59b2b3e8-6294-4f35-9609-455b950d210f",
|
|
"observed-data--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f",
|
|
"network-traffic--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f",
|
|
"ipv4-addr--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f",
|
|
"indicator--59b2b3e9-0200-46a8-bd67-4b66950d210f",
|
|
"indicator--59b2b3e9-814c-4c6c-b153-7920950d210f",
|
|
"observed-data--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f",
|
|
"network-traffic--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f",
|
|
"ipv4-addr--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f",
|
|
"indicator--59b2b3e9-8c88-4b0f-958e-4c9e950d210f",
|
|
"indicator--59b2b3ea-7e64-4a06-842a-7c5a950d210f",
|
|
"observed-data--59b2b3ea-7540-49e2-b6a7-4706950d210f",
|
|
"network-traffic--59b2b3ea-7540-49e2-b6a7-4706950d210f",
|
|
"ipv4-addr--59b2b3ea-7540-49e2-b6a7-4706950d210f",
|
|
"indicator--59b2b3ea-993c-4eb7-b3a0-7959950d210f",
|
|
"indicator--59b2b3ea-7e88-418b-8dc2-7dfc950d210f",
|
|
"observed-data--59b2b3eb-f554-48ce-8905-7e8e950d210f",
|
|
"network-traffic--59b2b3eb-f554-48ce-8905-7e8e950d210f",
|
|
"ipv4-addr--59b2b3eb-f554-48ce-8905-7e8e950d210f",
|
|
"indicator--59b2b3eb-f044-44be-bab4-4efb950d210f",
|
|
"indicator--59b2b3eb-f8e8-4153-922e-412b950d210f",
|
|
"observed-data--59b2b3eb-e83c-4146-b697-48b6950d210f",
|
|
"network-traffic--59b2b3eb-e83c-4146-b697-48b6950d210f",
|
|
"ipv4-addr--59b2b3eb-e83c-4146-b697-48b6950d210f",
|
|
"indicator--59b2b3ec-c7c4-44c0-a13d-485c950d210f",
|
|
"indicator--59b2b3ec-a908-458a-98c9-46db950d210f",
|
|
"observed-data--59b2b3ec-5a7c-45d5-9049-7f0b950d210f",
|
|
"network-traffic--59b2b3ec-5a7c-45d5-9049-7f0b950d210f",
|
|
"ipv4-addr--59b2b3ec-5a7c-45d5-9049-7f0b950d210f",
|
|
"indicator--59b2b3ec-1094-453e-84ea-43cb950d210f",
|
|
"indicator--59b2b3ec-f0b0-42db-94b8-7c5a950d210f",
|
|
"observed-data--59b2b3ed-4de0-4c51-b3b3-7959950d210f",
|
|
"network-traffic--59b2b3ed-4de0-4c51-b3b3-7959950d210f",
|
|
"ipv4-addr--59b2b3ed-4de0-4c51-b3b3-7959950d210f",
|
|
"indicator--59b2b3ed-4dd4-4d0c-ad1f-7dfc950d210f",
|
|
"indicator--59b2b3ed-5184-4204-becf-2df1950d210f",
|
|
"observed-data--59b2b3ee-e7b8-4bee-b333-4096950d210f",
|
|
"network-traffic--59b2b3ee-e7b8-4bee-b333-4096950d210f",
|
|
"ipv4-addr--59b2b3ee-e7b8-4bee-b333-4096950d210f",
|
|
"indicator--59b2b3ef-2b34-4aa8-a1cf-4987950d210f",
|
|
"indicator--59b2b3ef-87d0-455f-94ca-4bf4950d210f",
|
|
"observed-data--59b2b3ef-2534-4b2a-906e-7920950d210f",
|
|
"network-traffic--59b2b3ef-2534-4b2a-906e-7920950d210f",
|
|
"ipv4-addr--59b2b3ef-2534-4b2a-906e-7920950d210f",
|
|
"indicator--59b2b3ef-1eb0-4dcf-b39a-7f0b950d210f",
|
|
"indicator--59b2b3f0-f0e4-4129-b565-4f8a950d210f",
|
|
"indicator--59b2b3f1-62bc-4453-bad7-4868950d210f",
|
|
"indicator--59b2b3f2-34d8-43ff-8831-7e8e950d210f",
|
|
"observed-data--59b2b3f2-3a30-4f76-85c7-4725950d210f",
|
|
"network-traffic--59b2b3f2-3a30-4f76-85c7-4725950d210f",
|
|
"ipv4-addr--59b2b3f2-3a30-4f76-85c7-4725950d210f",
|
|
"indicator--59b2b3f2-1c50-4d14-b059-7d59950d210f",
|
|
"indicator--59b2b3f3-acb0-4021-870f-4291950d210f",
|
|
"observed-data--59b2b3f3-b80c-4e90-a42c-4d12950d210f",
|
|
"network-traffic--59b2b3f3-b80c-4e90-a42c-4d12950d210f",
|
|
"ipv4-addr--59b2b3f3-b80c-4e90-a42c-4d12950d210f",
|
|
"indicator--59b2b3f3-6340-46d2-b3cf-7920950d210f",
|
|
"indicator--59b2b3f3-fb58-4175-b642-4640950d210f",
|
|
"observed-data--59b2b3f4-de3c-44ae-be49-7c5a950d210f",
|
|
"network-traffic--59b2b3f4-de3c-44ae-be49-7c5a950d210f",
|
|
"ipv4-addr--59b2b3f4-de3c-44ae-be49-7c5a950d210f",
|
|
"indicator--59b2b3f4-0514-4134-a1bf-4f81950d210f",
|
|
"indicator--59b2b3f4-ac8c-46e5-91e0-7dfc950d210f",
|
|
"observed-data--59b2b3f4-e5bc-4155-87b2-2df1950d210f",
|
|
"network-traffic--59b2b3f4-e5bc-4155-87b2-2df1950d210f",
|
|
"ipv4-addr--59b2b3f4-e5bc-4155-87b2-2df1950d210f",
|
|
"indicator--59b2b3f5-cd04-46d5-812d-7e8e950d210f",
|
|
"indicator--59b2b3f5-d434-49d4-9df8-4fac950d210f",
|
|
"observed-data--59b2b3f6-09f4-40e8-90fe-4129950d210f",
|
|
"network-traffic--59b2b3f6-09f4-40e8-90fe-4129950d210f",
|
|
"ipv4-addr--59b2b3f6-09f4-40e8-90fe-4129950d210f",
|
|
"indicator--59b2b3f6-0c1c-4f2a-8d44-7c5a950d210f",
|
|
"indicator--59b2b3f7-d0bc-4c74-8b5d-4504950d210f",
|
|
"observed-data--59b2b3f7-ba48-4770-b572-7959950d210f",
|
|
"network-traffic--59b2b3f7-ba48-4770-b572-7959950d210f",
|
|
"ipv4-addr--59b2b3f7-ba48-4770-b572-7959950d210f",
|
|
"indicator--59b2b3f7-6254-48fb-a529-2df1950d210f",
|
|
"indicator--59b2b3f7-51d0-4de9-b5d1-7e8e950d210f",
|
|
"observed-data--59b2b3f8-2790-427e-ac3e-4873950d210f",
|
|
"network-traffic--59b2b3f8-2790-427e-ac3e-4873950d210f",
|
|
"ipv4-addr--59b2b3f8-2790-427e-ac3e-4873950d210f",
|
|
"indicator--59b2b3f8-2cfc-4277-ae05-46f3950d210f",
|
|
"indicator--59b2b3f8-e584-4bf8-b5b0-4dbc950d210f",
|
|
"observed-data--59b2b3f9-2840-4f2b-89d7-48a6950d210f",
|
|
"network-traffic--59b2b3f9-2840-4f2b-89d7-48a6950d210f",
|
|
"ipv4-addr--59b2b3f9-2840-4f2b-89d7-48a6950d210f",
|
|
"indicator--59b2b3f9-bccc-42b1-af24-42af950d210f",
|
|
"indicator--59b2b3f9-cf30-4fa2-b4e9-7920950d210f",
|
|
"observed-data--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f",
|
|
"network-traffic--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f",
|
|
"ipv4-addr--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f",
|
|
"indicator--59b2b3fa-9b9c-4b3e-b8c9-4c5e950d210f",
|
|
"indicator--59b2b3fa-68a8-4644-ab80-4fda950d210f",
|
|
"observed-data--59b2b3fb-e148-46cb-bf7c-7dfc950d210f",
|
|
"network-traffic--59b2b3fb-e148-46cb-bf7c-7dfc950d210f",
|
|
"ipv4-addr--59b2b3fb-e148-46cb-bf7c-7dfc950d210f",
|
|
"indicator--59b2b3fb-02dc-4869-9216-2df1950d210f",
|
|
"indicator--59b2b3fb-cb30-4070-af91-7e8e950d210f",
|
|
"observed-data--59b2b3fc-c9ac-48e3-8dab-42e3950d210f",
|
|
"network-traffic--59b2b3fc-c9ac-48e3-8dab-42e3950d210f",
|
|
"ipv4-addr--59b2b3fc-c9ac-48e3-8dab-42e3950d210f",
|
|
"indicator--59b2b3fc-abac-4783-9753-40f6950d210f",
|
|
"indicator--59b2b3fc-2534-4da1-989e-468d950d210f",
|
|
"observed-data--59b2b3fd-c108-4f6c-93e4-4226950d210f",
|
|
"network-traffic--59b2b3fd-c108-4f6c-93e4-4226950d210f",
|
|
"ipv4-addr--59b2b3fd-c108-4f6c-93e4-4226950d210f",
|
|
"indicator--59b2b3fd-3d38-4e37-a7a1-4b3c950d210f",
|
|
"indicator--59b2b3fd-b488-400b-a1b1-7920950d210f",
|
|
"observed-data--59b2b3fd-7304-4839-8bf0-7f0b950d210f",
|
|
"network-traffic--59b2b3fd-7304-4839-8bf0-7f0b950d210f",
|
|
"ipv4-addr--59b2b3fd-7304-4839-8bf0-7f0b950d210f",
|
|
"indicator--59b2b3fe-b530-4eb0-ae96-4a41950d210f",
|
|
"indicator--59b2b3fe-dbb0-432a-ad65-4473950d210f",
|
|
"observed-data--59b2b3fe-d730-4626-b155-7c5a950d210f",
|
|
"network-traffic--59b2b3fe-d730-4626-b155-7c5a950d210f",
|
|
"ipv4-addr--59b2b3fe-d730-4626-b155-7c5a950d210f",
|
|
"indicator--59b2b3fe-7058-4a42-98bb-4c88950d210f",
|
|
"indicator--59b2b3fe-fa04-4402-95ca-4005950d210f",
|
|
"observed-data--59b2b3ff-ed90-464f-bb6e-4a25950d210f",
|
|
"network-traffic--59b2b3ff-ed90-464f-bb6e-4a25950d210f",
|
|
"ipv4-addr--59b2b3ff-ed90-464f-bb6e-4a25950d210f",
|
|
"indicator--59b2b3ff-1104-4c73-97a6-7dfc950d210f",
|
|
"indicator--59b2b3ff-3574-4612-a48e-2df1950d210f",
|
|
"observed-data--59b2b400-86f4-482a-b13b-7959950d210f",
|
|
"network-traffic--59b2b400-86f4-482a-b13b-7959950d210f",
|
|
"ipv4-addr--59b2b400-86f4-482a-b13b-7959950d210f",
|
|
"indicator--59b2b400-5bf8-42aa-9d7b-7e8e950d210f",
|
|
"indicator--59b2b400-a6d4-4f23-9cb1-41e3950d210f",
|
|
"observed-data--59b2b401-91ec-4d0a-be8f-47d8950d210f",
|
|
"network-traffic--59b2b401-91ec-4d0a-be8f-47d8950d210f",
|
|
"ipv4-addr--59b2b401-91ec-4d0a-be8f-47d8950d210f",
|
|
"indicator--59b2b401-6e04-482e-a481-4bb6950d210f",
|
|
"indicator--59b2b401-186c-4d88-82e3-486e950d210f",
|
|
"observed-data--59b2b402-6770-43b7-b0bc-40eb950d210f",
|
|
"network-traffic--59b2b402-6770-43b7-b0bc-40eb950d210f",
|
|
"ipv4-addr--59b2b402-6770-43b7-b0bc-40eb950d210f",
|
|
"indicator--59b2b402-609c-41f1-ab5d-4aae950d210f",
|
|
"indicator--59b2b402-fd34-4f40-a4f7-4347950d210f",
|
|
"observed-data--59b2b402-1e1c-4e25-a1fd-7920950d210f",
|
|
"network-traffic--59b2b402-1e1c-4e25-a1fd-7920950d210f",
|
|
"ipv4-addr--59b2b402-1e1c-4e25-a1fd-7920950d210f",
|
|
"indicator--59b2b402-9cf8-44db-af41-7f0b950d210f",
|
|
"indicator--59b2b403-ca20-4d95-80d1-7d59950d210f",
|
|
"observed-data--59b2b403-eed8-4050-b1fa-4ecb950d210f",
|
|
"network-traffic--59b2b403-eed8-4050-b1fa-4ecb950d210f",
|
|
"ipv4-addr--59b2b403-eed8-4050-b1fa-4ecb950d210f",
|
|
"indicator--59b2b403-34bc-4187-9896-4bbc950d210f",
|
|
"indicator--59b2b403-9344-4831-ba9e-7c5a950d210f",
|
|
"observed-data--59b2b404-0420-4ba7-85ae-4cf2950d210f",
|
|
"network-traffic--59b2b404-0420-4ba7-85ae-4cf2950d210f",
|
|
"ipv4-addr--59b2b404-0420-4ba7-85ae-4cf2950d210f",
|
|
"indicator--59b2b404-8218-433a-9f83-4438950d210f",
|
|
"indicator--59b2b404-0194-4784-8726-44b2950d210f",
|
|
"observed-data--59b2b405-e290-4e75-9673-7dfc950d210f",
|
|
"network-traffic--59b2b405-e290-4e75-9673-7dfc950d210f",
|
|
"ipv4-addr--59b2b405-e290-4e75-9673-7dfc950d210f",
|
|
"indicator--59b2b405-c46c-4f9b-970f-2df1950d210f",
|
|
"indicator--59b2b405-cfa8-45d4-9a64-7959950d210f",
|
|
"observed-data--59b2b405-3cb4-4215-8597-7e8e950d210f",
|
|
"network-traffic--59b2b405-3cb4-4215-8597-7e8e950d210f",
|
|
"ipv4-addr--59b2b405-3cb4-4215-8597-7e8e950d210f",
|
|
"indicator--59b2b406-3ba8-4167-a694-4bfe950d210f",
|
|
"indicator--59b2b406-9e1c-4262-a3ee-4e15950d210f",
|
|
"observed-data--59b2b406-faf4-46ad-82ed-4e32950d210f",
|
|
"network-traffic--59b2b406-faf4-46ad-82ed-4e32950d210f",
|
|
"ipv4-addr--59b2b406-faf4-46ad-82ed-4e32950d210f",
|
|
"indicator--59b2b406-641c-491b-bca9-4e7d950d210f",
|
|
"indicator--59b2b407-01d0-40b3-8dce-7920950d210f",
|
|
"observed-data--59b2b407-88f8-4b9b-a51a-7d59950d210f",
|
|
"network-traffic--59b2b407-88f8-4b9b-a51a-7d59950d210f",
|
|
"ipv4-addr--59b2b407-88f8-4b9b-a51a-7d59950d210f",
|
|
"indicator--59b2b407-5c78-4281-9f8e-4d06950d210f",
|
|
"indicator--59b2b408-8c2c-4bc8-912d-7c5a950d210f",
|
|
"observed-data--59b2b408-3f14-441c-b7eb-4bc9950d210f",
|
|
"network-traffic--59b2b408-3f14-441c-b7eb-4bc9950d210f",
|
|
"ipv4-addr--59b2b408-3f14-441c-b7eb-4bc9950d210f",
|
|
"indicator--59b2b408-dcf4-4b39-9b8e-4286950d210f",
|
|
"indicator--59b2b408-f888-4089-833f-48a9950d210f",
|
|
"observed-data--59b2b409-d6e4-489a-a75c-2df1950d210f",
|
|
"network-traffic--59b2b409-d6e4-489a-a75c-2df1950d210f",
|
|
"ipv4-addr--59b2b409-d6e4-489a-a75c-2df1950d210f",
|
|
"indicator--59b2b409-c448-4e75-85ad-7e8e950d210f",
|
|
"indicator--59b2b409-4770-4347-99f7-492c950d210f",
|
|
"observed-data--59b2b409-d15c-40e4-8671-41bc950d210f",
|
|
"network-traffic--59b2b409-d15c-40e4-8671-41bc950d210f",
|
|
"ipv4-addr--59b2b409-d15c-40e4-8671-41bc950d210f",
|
|
"indicator--59b2b40a-c1b4-4a91-a0b2-4129950d210f",
|
|
"indicator--59b2b40a-c758-40fb-99dd-4d47950d210f",
|
|
"observed-data--59b2b40a-c994-44fb-b7a5-7f0b950d210f",
|
|
"network-traffic--59b2b40a-c994-44fb-b7a5-7f0b950d210f",
|
|
"ipv4-addr--59b2b40a-c994-44fb-b7a5-7f0b950d210f",
|
|
"indicator--59b2b40a-e9a0-4539-a177-7d59950d210f",
|
|
"indicator--59b2b40a-cbd0-4ca8-bdef-4ec1950d210f",
|
|
"observed-data--59b2b40b-3288-4935-a333-42f7950d210f",
|
|
"network-traffic--59b2b40b-3288-4935-a333-42f7950d210f",
|
|
"ipv4-addr--59b2b40b-3288-4935-a333-42f7950d210f",
|
|
"indicator--59b2b40b-9ab4-436b-b39f-4227950d210f",
|
|
"indicator--59b2b40b-4fe4-4cb4-8fcc-2df1950d210f",
|
|
"observed-data--59b2b40c-5f78-4eed-a259-7e8e950d210f",
|
|
"network-traffic--59b2b40c-5f78-4eed-a259-7e8e950d210f",
|
|
"ipv4-addr--59b2b40c-5f78-4eed-a259-7e8e950d210f",
|
|
"indicator--59b2b40c-25c0-44a3-9df4-46b3950d210f",
|
|
"indicator--59b2b40c-1f14-46c7-84f4-4485950d210f",
|
|
"observed-data--59b2b40c-ddd0-49e0-ab85-47b2950d210f",
|
|
"network-traffic--59b2b40c-ddd0-49e0-ab85-47b2950d210f",
|
|
"ipv4-addr--59b2b40c-ddd0-49e0-ab85-47b2950d210f",
|
|
"indicator--59b2b40d-3f1c-4edc-8086-4bb1950d210f",
|
|
"indicator--59b2b40d-20e8-481e-9891-7920950d210f",
|
|
"observed-data--59b2b40d-68bc-48a5-b0d9-7d59950d210f",
|
|
"network-traffic--59b2b40d-68bc-48a5-b0d9-7d59950d210f",
|
|
"ipv4-addr--59b2b40d-68bc-48a5-b0d9-7d59950d210f",
|
|
"indicator--59b2b40d-b9cc-4a5b-9336-4007950d210f",
|
|
"indicator--59b2b40e-2f74-4195-8960-7c5a950d210f",
|
|
"observed-data--59b2b40e-38a8-440c-b9b3-4e12950d210f",
|
|
"network-traffic--59b2b40e-38a8-440c-b9b3-4e12950d210f",
|
|
"ipv4-addr--59b2b40e-38a8-440c-b9b3-4e12950d210f",
|
|
"indicator--59b2b40e-35ac-44eb-b49d-2df1950d210f",
|
|
"indicator--59b2b40f-5bd4-4bb6-b530-7959950d210f",
|
|
"observed-data--59b2b40f-6ed4-4273-b83f-4e96950d210f",
|
|
"network-traffic--59b2b40f-6ed4-4273-b83f-4e96950d210f",
|
|
"ipv4-addr--59b2b40f-6ed4-4273-b83f-4e96950d210f",
|
|
"indicator--59b2b40f-be94-4116-baaa-4c04950d210f",
|
|
"indicator--59b2b40f-30c0-42f7-8afa-4602950d210f",
|
|
"observed-data--59b2b410-d600-4d3b-a74c-450d950d210f",
|
|
"network-traffic--59b2b410-d600-4d3b-a74c-450d950d210f",
|
|
"ipv4-addr--59b2b410-d600-4d3b-a74c-450d950d210f",
|
|
"indicator--59b2b410-5bcc-405d-904d-7f0b950d210f",
|
|
"indicator--59b2b410-c7e4-4a59-879e-4c62950d210f",
|
|
"observed-data--59b2b411-4a5c-42a1-92ac-7c5a950d210f",
|
|
"network-traffic--59b2b411-4a5c-42a1-92ac-7c5a950d210f",
|
|
"ipv4-addr--59b2b411-4a5c-42a1-92ac-7c5a950d210f",
|
|
"indicator--59b2b411-776c-45c7-8c61-41ee950d210f",
|
|
"indicator--59b2b411-f6e4-4b57-9725-4b74950d210f",
|
|
"indicator--59b2b412-5304-4ddd-99c1-7e8e950d210f",
|
|
"indicator--59b2b412-8b5c-4545-8046-4924950d210f",
|
|
"observed-data--59b2b413-5744-4201-ad26-4d9a950d210f",
|
|
"network-traffic--59b2b413-5744-4201-ad26-4d9a950d210f",
|
|
"ipv4-addr--59b2b413-5744-4201-ad26-4d9a950d210f",
|
|
"indicator--59b2b413-3fe8-468e-a34e-4ef6950d210f",
|
|
"indicator--59b2b413-4ac4-42b4-9137-7f0b950d210f",
|
|
"observed-data--59b2b414-c0c8-49dd-b6e2-40a2950d210f",
|
|
"network-traffic--59b2b414-c0c8-49dd-b6e2-40a2950d210f",
|
|
"ipv4-addr--59b2b414-c0c8-49dd-b6e2-40a2950d210f",
|
|
"indicator--59b2b414-8a60-4677-9b81-7c5a950d210f",
|
|
"indicator--59b2b415-5d24-45ce-a92d-4bd1950d210f",
|
|
"indicator--59b2b415-0b5c-4a36-b455-2df1950d210f",
|
|
"indicator--59b2b415-a66c-42c5-96de-7dfc950d210f",
|
|
"observed-data--59b2b416-ec88-4593-92f0-42e4950d210f",
|
|
"network-traffic--59b2b416-ec88-4593-92f0-42e4950d210f",
|
|
"ipv4-addr--59b2b416-ec88-4593-92f0-42e4950d210f",
|
|
"indicator--59b2b416-9c28-4b02-9dfe-4212950d210f",
|
|
"indicator--59b2b416-c7e4-4ff8-b024-465b950d210f",
|
|
"observed-data--59b2b416-b984-4f9f-80c4-46d5950d210f",
|
|
"network-traffic--59b2b416-b984-4f9f-80c4-46d5950d210f",
|
|
"ipv4-addr--59b2b416-b984-4f9f-80c4-46d5950d210f",
|
|
"indicator--59b2b417-6d1c-4581-968e-7920950d210f",
|
|
"indicator--59b2b417-c454-48aa-b164-7d59950d210f",
|
|
"indicator--59b2b417-7cb4-43f0-9da2-41cf950d210f",
|
|
"indicator--59b2b417-ccb4-4b40-a259-7c5a950d210f",
|
|
"observed-data--59b2b418-e4d4-4f4f-b5e6-4651950d210f",
|
|
"network-traffic--59b2b418-e4d4-4f4f-b5e6-4651950d210f",
|
|
"ipv4-addr--59b2b418-e4d4-4f4f-b5e6-4651950d210f",
|
|
"observed-data--59b2b418-ee80-4902-a189-2df1950d210f",
|
|
"url--59b2b418-ee80-4902-a189-2df1950d210f",
|
|
"observed-data--59b2b418-9d5c-4ea9-8357-7dfc950d210f",
|
|
"network-traffic--59b2b418-9d5c-4ea9-8357-7dfc950d210f",
|
|
"ipv4-addr--59b2b418-9d5c-4ea9-8357-7dfc950d210f",
|
|
"observed-data--59b2b418-94f0-4d51-b460-7e8e950d210f",
|
|
"url--59b2b418-94f0-4d51-b460-7e8e950d210f",
|
|
"observed-data--59b2b419-f0d0-4e52-b39c-4827950d210f",
|
|
"network-traffic--59b2b419-f0d0-4e52-b39c-4827950d210f",
|
|
"ipv4-addr--59b2b419-f0d0-4e52-b39c-4827950d210f",
|
|
"observed-data--59b2b419-690c-43ee-8ea7-457e950d210f",
|
|
"url--59b2b419-690c-43ee-8ea7-457e950d210f",
|
|
"observed-data--59b2b419-ba38-4c77-8e8b-4fe9950d210f",
|
|
"network-traffic--59b2b419-ba38-4c77-8e8b-4fe9950d210f",
|
|
"ipv4-addr--59b2b419-ba38-4c77-8e8b-4fe9950d210f",
|
|
"indicator--59b2b41a-6b34-4041-b91f-7920950d210f",
|
|
"indicator--59b2b41a-3a58-428c-b1bb-7d59950d210f",
|
|
"indicator--59b2b41a-7ba8-460e-9e50-4398950d210f",
|
|
"indicator--59b2b41a-a8ac-48e5-8cb1-7c5a950d210f",
|
|
"indicator--59b2b41a-3b90-46a5-8e22-43f8950d210f",
|
|
"indicator--59b2b41b-04d8-4023-966d-47e4950d210f",
|
|
"indicator--59b2b41b-667c-40bc-85ef-4a98950d210f",
|
|
"indicator--59b2b41b-8e70-4aaa-b6eb-7959950d210f",
|
|
"indicator--59b2b41b-94ac-4770-bca1-49dc950d210f",
|
|
"indicator--59b2b41c-a6d0-464f-82b4-463c950d210f",
|
|
"indicator--59b2b41c-db50-488a-83af-400d950d210f",
|
|
"indicator--59b2b41c-d82c-4190-9758-472b950d210f",
|
|
"indicator--59b2b41c-b5bc-488a-8091-4d82950d210f",
|
|
"indicator--59b2b41d-6878-4699-a4be-7f0b950d210f",
|
|
"indicator--59b2b41d-b104-4f97-a8c4-7c5a950d210f",
|
|
"indicator--59b2b41d-23ac-4d68-986c-4fd4950d210f",
|
|
"indicator--59b2b41e-b5f0-41be-9c7d-446c950d210f",
|
|
"indicator--59b2b41e-7020-4962-9509-7959950d210f",
|
|
"indicator--59b2b41e-2f6c-4fd9-8405-7e8e950d210f",
|
|
"indicator--59b2b41e-8c9c-4d05-9c05-42e3950d210f",
|
|
"indicator--59b2b41f-7edc-4a51-a9fe-46bc950d210f",
|
|
"indicator--59b2b41f-7890-4dcb-8146-7920950d210f",
|
|
"indicator--59b2b41f-1574-48be-b68a-7f0b950d210f",
|
|
"indicator--59b2b420-8478-41f8-9707-4670950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
"misp-galaxy:ransomware=\"Locky\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c2-2838-45d6-80c8-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:10.000Z",
|
|
"modified": "2017-09-08T15:14:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '89a4bfc623055a24e57e1e831153f05d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c3-b4bc-444f-b1bd-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:11.000Z",
|
|
"modified": "2017-09-08T15:14:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3bb08784ca43d644f60fd9408de9133f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c3-7804-459c-99e9-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:11.000Z",
|
|
"modified": "2017-09-08T15:14:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a1cb6b40b49d78103444c32f4f5c1022']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c3-f8f4-4664-b556-4c21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:11.000Z",
|
|
"modified": "2017-09-08T15:14:11.000Z",
|
|
"pattern": "[url:value = 'http://aegelle.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c3-ab1c-4bcc-8cd7-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:11.000Z",
|
|
"modified": "2017-09-08T15:14:11.000Z",
|
|
"pattern": "[domain-name:value = 'aegelle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3c4-972c-434f-af0b-47cf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:12.000Z",
|
|
"modified": "2017-09-08T15:14:12.000Z",
|
|
"first_observed": "2017-09-08T15:14:12Z",
|
|
"last_observed": "2017-09-08T15:14:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3c4-972c-434f-af0b-47cf950d210f",
|
|
"ipv4-addr--59b2b3c4-972c-434f-af0b-47cf950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3c4-972c-434f-af0b-47cf950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3c4-972c-434f-af0b-47cf950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3c4-972c-434f-af0b-47cf950d210f",
|
|
"value": "193.227.248.241"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c4-a548-41ad-8fae-4a5b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:12.000Z",
|
|
"modified": "2017-09-08T15:14:12.000Z",
|
|
"pattern": "[url:value = 'http://akschemicals.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c4-ec00-429f-b256-4b66950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:12.000Z",
|
|
"modified": "2017-09-08T15:14:12.000Z",
|
|
"pattern": "[domain-name:value = 'akschemicals.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:13.000Z",
|
|
"modified": "2017-09-08T15:14:13.000Z",
|
|
"first_observed": "2017-09-08T15:14:13Z",
|
|
"last_observed": "2017-09-08T15:14:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f",
|
|
"ipv4-addr--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3c5-a430-4ccb-ad9a-4bd6950d210f",
|
|
"value": "94.76.212.128"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c5-ebc0-4dbb-b094-477a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:13.000Z",
|
|
"modified": "2017-09-08T15:14:13.000Z",
|
|
"pattern": "[url:value = 'http://ambrogiauto.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c5-ca6c-4a5a-bc77-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:13.000Z",
|
|
"modified": "2017-09-08T15:14:13.000Z",
|
|
"pattern": "[domain-name:value = 'ambrogiauto.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3c5-03f0-450c-9780-44dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:13.000Z",
|
|
"modified": "2017-09-08T15:14:13.000Z",
|
|
"first_observed": "2017-09-08T15:14:13Z",
|
|
"last_observed": "2017-09-08T15:14:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3c5-03f0-450c-9780-44dd950d210f",
|
|
"ipv4-addr--59b2b3c5-03f0-450c-9780-44dd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3c5-03f0-450c-9780-44dd950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3c5-03f0-450c-9780-44dd950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3c5-03f0-450c-9780-44dd950d210f",
|
|
"value": "89.96.90.17"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c6-d898-43e9-8afe-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:14.000Z",
|
|
"modified": "2017-09-08T15:14:14.000Z",
|
|
"pattern": "[url:value = 'http://arthurdenniswilliams.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c6-40b8-4269-930b-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:14.000Z",
|
|
"modified": "2017-09-08T15:14:14.000Z",
|
|
"pattern": "[domain-name:value = 'arthurdenniswilliams.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3c7-82dc-4de5-8e78-4f46950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:15.000Z",
|
|
"modified": "2017-09-08T15:14:15.000Z",
|
|
"first_observed": "2017-09-08T15:14:15Z",
|
|
"last_observed": "2017-09-08T15:14:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3c7-82dc-4de5-8e78-4f46950d210f",
|
|
"ipv4-addr--59b2b3c7-82dc-4de5-8e78-4f46950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3c7-82dc-4de5-8e78-4f46950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3c7-82dc-4de5-8e78-4f46950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3c7-82dc-4de5-8e78-4f46950d210f",
|
|
"value": "64.6.251.126"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c7-75b8-428f-8f17-4bea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:15.000Z",
|
|
"modified": "2017-09-08T15:14:15.000Z",
|
|
"pattern": "[url:value = 'http://atlantarecyclingcenters.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c7-cd54-4b10-9333-46df950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:15.000Z",
|
|
"modified": "2017-09-08T15:14:15.000Z",
|
|
"pattern": "[domain-name:value = 'atlantarecyclingcenters.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3c7-e47c-4768-97ba-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:15.000Z",
|
|
"modified": "2017-09-08T15:14:15.000Z",
|
|
"first_observed": "2017-09-08T15:14:15Z",
|
|
"last_observed": "2017-09-08T15:14:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3c7-e47c-4768-97ba-7959950d210f",
|
|
"ipv4-addr--59b2b3c7-e47c-4768-97ba-7959950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3c7-e47c-4768-97ba-7959950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3c7-e47c-4768-97ba-7959950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3c7-e47c-4768-97ba-7959950d210f",
|
|
"value": "98.124.251.75"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c7-dac0-4340-8274-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:15.000Z",
|
|
"modified": "2017-09-08T15:14:15.000Z",
|
|
"pattern": "[url:value = 'http://autocentrale.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c8-e93c-4d02-9e10-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:16.000Z",
|
|
"modified": "2017-09-08T15:14:16.000Z",
|
|
"pattern": "[domain-name:value = 'autocentrale.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3c8-48c0-42f7-8b2a-45b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:16.000Z",
|
|
"modified": "2017-09-08T15:14:16.000Z",
|
|
"first_observed": "2017-09-08T15:14:16Z",
|
|
"last_observed": "2017-09-08T15:14:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3c8-48c0-42f7-8b2a-45b8950d210f",
|
|
"ipv4-addr--59b2b3c8-48c0-42f7-8b2a-45b8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3c8-48c0-42f7-8b2a-45b8950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3c8-48c0-42f7-8b2a-45b8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3c8-48c0-42f7-8b2a-45b8950d210f",
|
|
"value": "185.81.1.156"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c8-b2f8-4678-874d-4f08950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:16.000Z",
|
|
"modified": "2017-09-08T15:14:16.000Z",
|
|
"pattern": "[url:value = 'http://autoecoleathena.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c8-2b88-4483-8cbe-4d85950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:16.000Z",
|
|
"modified": "2017-09-08T15:14:16.000Z",
|
|
"pattern": "[domain-name:value = 'autoecoleathena.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c9-cba4-4116-a3d1-4c82950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:17.000Z",
|
|
"modified": "2017-09-08T15:14:17.000Z",
|
|
"pattern": "[url:value = 'http://autoecoleautonome.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3c9-5e60-4c85-86ae-4940950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:17.000Z",
|
|
"modified": "2017-09-08T15:14:17.000Z",
|
|
"pattern": "[domain-name:value = 'autoecoleautonome.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ca-3e24-4fd6-ac61-417a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:18.000Z",
|
|
"modified": "2017-09-08T15:14:18.000Z",
|
|
"pattern": "[url:value = 'http://autoecoleboisdesroches.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ca-4438-45c1-8dee-4231950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:18.000Z",
|
|
"modified": "2017-09-08T15:14:18.000Z",
|
|
"pattern": "[domain-name:value = 'autoecoleboisdesroches.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ca-21e4-48a9-bed4-4d73950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:18.000Z",
|
|
"modified": "2017-09-08T15:14:18.000Z",
|
|
"pattern": "[url:value = 'http://autoecolecarces.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ca-f4c8-40a0-9f42-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:18.000Z",
|
|
"modified": "2017-09-08T15:14:18.000Z",
|
|
"pattern": "[domain-name:value = 'autoecolecarces.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3cb-ba1c-46ea-aebb-4df5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:19.000Z",
|
|
"modified": "2017-09-08T15:14:19.000Z",
|
|
"pattern": "[url:value = 'http://autoecoledufrene.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3cb-f5a4-402b-ab60-4b1f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:19.000Z",
|
|
"modified": "2017-09-08T15:14:19.000Z",
|
|
"pattern": "[domain-name:value = 'autoecoledufrene.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3cc-642c-45c0-93c7-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:20.000Z",
|
|
"modified": "2017-09-08T15:14:20.000Z",
|
|
"pattern": "[url:value = 'http://autoecole-jeanpierre.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3cc-06e0-4924-8630-4bd0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:20.000Z",
|
|
"modified": "2017-09-08T15:14:20.000Z",
|
|
"pattern": "[domain-name:value = 'autoecole-jeanpierre.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3cc-82e4-44f4-be70-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:20.000Z",
|
|
"modified": "2017-09-08T15:14:20.000Z",
|
|
"pattern": "[url:value = 'http://autosonidomalaga.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3cd-fdac-4870-95c5-43d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:21.000Z",
|
|
"modified": "2017-09-08T15:14:21.000Z",
|
|
"pattern": "[domain-name:value = 'autosonidomalaga.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3cd-bdc0-4035-87e5-4e71950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:21.000Z",
|
|
"modified": "2017-09-08T15:14:21.000Z",
|
|
"first_observed": "2017-09-08T15:14:21Z",
|
|
"last_observed": "2017-09-08T15:14:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3cd-bdc0-4035-87e5-4e71950d210f",
|
|
"ipv4-addr--59b2b3cd-bdc0-4035-87e5-4e71950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3cd-bdc0-4035-87e5-4e71950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3cd-bdc0-4035-87e5-4e71950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3cd-bdc0-4035-87e5-4e71950d210f",
|
|
"value": "94.127.190.141"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3cd-fc04-4608-91bc-41c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:21.000Z",
|
|
"modified": "2017-09-08T15:14:21.000Z",
|
|
"pattern": "[url:value = 'http://binarycousins.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3cd-b64c-408a-8c82-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:21.000Z",
|
|
"modified": "2017-09-08T15:14:21.000Z",
|
|
"pattern": "[domain-name:value = 'binarycousins.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3ce-3168-4d53-8cac-42de950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:22.000Z",
|
|
"modified": "2017-09-08T15:14:22.000Z",
|
|
"first_observed": "2017-09-08T15:14:22Z",
|
|
"last_observed": "2017-09-08T15:14:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3ce-3168-4d53-8cac-42de950d210f",
|
|
"ipv4-addr--59b2b3ce-3168-4d53-8cac-42de950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3ce-3168-4d53-8cac-42de950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3ce-3168-4d53-8cac-42de950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3ce-3168-4d53-8cac-42de950d210f",
|
|
"value": "208.70.185.81"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ce-9c94-4dfd-a767-43f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:22.000Z",
|
|
"modified": "2017-09-08T15:14:22.000Z",
|
|
"pattern": "[url:value = 'http://bollywoodrhythm.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ce-0b60-4217-ba90-42e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:22.000Z",
|
|
"modified": "2017-09-08T15:14:22.000Z",
|
|
"pattern": "[domain-name:value = 'bollywoodrhythm.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3cf-7db4-4e3e-b7e6-468e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:23.000Z",
|
|
"modified": "2017-09-08T15:14:23.000Z",
|
|
"first_observed": "2017-09-08T15:14:23Z",
|
|
"last_observed": "2017-09-08T15:14:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3cf-7db4-4e3e-b7e6-468e950d210f",
|
|
"ipv4-addr--59b2b3cf-7db4-4e3e-b7e6-468e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3cf-7db4-4e3e-b7e6-468e950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3cf-7db4-4e3e-b7e6-468e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3cf-7db4-4e3e-b7e6-468e950d210f",
|
|
"value": "173.193.191.7"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d0-6b20-4163-8331-449b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:24.000Z",
|
|
"modified": "2017-09-08T15:14:24.000Z",
|
|
"pattern": "[url:value = 'http://busad.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d0-6f6c-44aa-a920-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:24.000Z",
|
|
"modified": "2017-09-08T15:14:24.000Z",
|
|
"pattern": "[domain-name:value = 'busad.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3d0-c390-437f-b602-4112950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:24.000Z",
|
|
"modified": "2017-09-08T15:14:24.000Z",
|
|
"first_observed": "2017-09-08T15:14:24Z",
|
|
"last_observed": "2017-09-08T15:14:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3d0-c390-437f-b602-4112950d210f",
|
|
"ipv4-addr--59b2b3d0-c390-437f-b602-4112950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3d0-c390-437f-b602-4112950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3d0-c390-437f-b602-4112950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3d0-c390-437f-b602-4112950d210f",
|
|
"value": "216.222.197.222"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d0-c3b8-4e1c-8907-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:24.000Z",
|
|
"modified": "2017-09-08T15:14:24.000Z",
|
|
"pattern": "[url:value = 'http://calpadia.co.id/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d1-5930-41ab-b736-40b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:25.000Z",
|
|
"modified": "2017-09-08T15:14:25.000Z",
|
|
"pattern": "[domain-name:value = 'calpadia.co.id']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3d4-6060-4b85-9bc9-45a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:28.000Z",
|
|
"modified": "2017-09-08T15:14:28.000Z",
|
|
"first_observed": "2017-09-08T15:14:28Z",
|
|
"last_observed": "2017-09-08T15:14:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3d4-6060-4b85-9bc9-45a7950d210f",
|
|
"ipv4-addr--59b2b3d4-6060-4b85-9bc9-45a7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3d4-6060-4b85-9bc9-45a7950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3d4-6060-4b85-9bc9-45a7950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3d4-6060-4b85-9bc9-45a7950d210f",
|
|
"value": "202.169.44.149"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d4-53e0-4589-89f6-463c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:28.000Z",
|
|
"modified": "2017-09-08T15:14:28.000Z",
|
|
"pattern": "[url:value = 'http://camerawind.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d5-5fd8-4f59-b5ee-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:29.000Z",
|
|
"modified": "2017-09-08T15:14:29.000Z",
|
|
"pattern": "[domain-name:value = 'camerawind.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3d5-d108-4b68-870d-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:29.000Z",
|
|
"modified": "2017-09-08T15:14:29.000Z",
|
|
"first_observed": "2017-09-08T15:14:29Z",
|
|
"last_observed": "2017-09-08T15:14:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3d5-d108-4b68-870d-7f0b950d210f",
|
|
"ipv4-addr--59b2b3d5-d108-4b68-870d-7f0b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3d5-d108-4b68-870d-7f0b950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3d5-d108-4b68-870d-7f0b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3d5-d108-4b68-870d-7f0b950d210f",
|
|
"value": "185.18.198.158"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d5-f7ac-4644-ac8a-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:29.000Z",
|
|
"modified": "2017-09-08T15:14:29.000Z",
|
|
"pattern": "[url:value = 'http://campusvoltaire.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d5-6f24-47ee-8bdb-4318950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:29.000Z",
|
|
"modified": "2017-09-08T15:14:29.000Z",
|
|
"pattern": "[domain-name:value = 'campusvoltaire.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d6-8174-43d8-a9a9-4d47950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:30.000Z",
|
|
"modified": "2017-09-08T15:14:30.000Z",
|
|
"pattern": "[url:value = 'http://charleskeener.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d6-8134-4252-9a12-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:30.000Z",
|
|
"modified": "2017-09-08T15:14:30.000Z",
|
|
"pattern": "[domain-name:value = 'charleskeener.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3d7-90a8-4185-8f87-4402950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:31.000Z",
|
|
"modified": "2017-09-08T15:14:31.000Z",
|
|
"first_observed": "2017-09-08T15:14:31Z",
|
|
"last_observed": "2017-09-08T15:14:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3d7-90a8-4185-8f87-4402950d210f",
|
|
"ipv4-addr--59b2b3d7-90a8-4185-8f87-4402950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3d7-90a8-4185-8f87-4402950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3d7-90a8-4185-8f87-4402950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3d7-90a8-4185-8f87-4402950d210f",
|
|
"value": "68.171.35.5"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d7-1b9c-4132-8300-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:31.000Z",
|
|
"modified": "2017-09-08T15:14:31.000Z",
|
|
"pattern": "[url:value = 'http://clazbrokerageservices.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d7-2254-48a2-8e0c-4525950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:31.000Z",
|
|
"modified": "2017-09-08T15:14:31.000Z",
|
|
"pattern": "[domain-name:value = 'clazbrokerageservices.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3d7-f398-4814-9027-4ad7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:31.000Z",
|
|
"modified": "2017-09-08T15:14:31.000Z",
|
|
"first_observed": "2017-09-08T15:14:31Z",
|
|
"last_observed": "2017-09-08T15:14:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3d7-f398-4814-9027-4ad7950d210f",
|
|
"ipv4-addr--59b2b3d7-f398-4814-9027-4ad7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3d7-f398-4814-9027-4ad7950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3d7-f398-4814-9027-4ad7950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3d7-f398-4814-9027-4ad7950d210f",
|
|
"value": "64.6.251.63"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d8-1ac8-4820-8ff3-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:32.000Z",
|
|
"modified": "2017-09-08T15:14:32.000Z",
|
|
"pattern": "[url:value = 'http://conlin-boats.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d8-91bc-4d22-9fff-4705950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:32.000Z",
|
|
"modified": "2017-09-08T15:14:32.000Z",
|
|
"pattern": "[domain-name:value = 'conlin-boats.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3d8-7b6c-4186-b167-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:32.000Z",
|
|
"modified": "2017-09-08T15:14:32.000Z",
|
|
"first_observed": "2017-09-08T15:14:32Z",
|
|
"last_observed": "2017-09-08T15:14:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3d8-7b6c-4186-b167-7f0b950d210f",
|
|
"ipv4-addr--59b2b3d8-7b6c-4186-b167-7f0b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3d8-7b6c-4186-b167-7f0b950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3d8-7b6c-4186-b167-7f0b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3d8-7b6c-4186-b167-7f0b950d210f",
|
|
"value": "208.73.32.82"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d8-cc74-4659-8bd9-4a24950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:32.000Z",
|
|
"modified": "2017-09-08T15:14:32.000Z",
|
|
"pattern": "[url:value = 'http://curiouser-n-curiouser.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d9-4a00-4067-bac1-442e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:33.000Z",
|
|
"modified": "2017-09-08T15:14:33.000Z",
|
|
"pattern": "[domain-name:value = 'curiouser-n-curiouser.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3d9-e874-43b0-9fed-427c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:33.000Z",
|
|
"modified": "2017-09-08T15:14:33.000Z",
|
|
"first_observed": "2017-09-08T15:14:33Z",
|
|
"last_observed": "2017-09-08T15:14:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3d9-e874-43b0-9fed-427c950d210f",
|
|
"ipv4-addr--59b2b3d9-e874-43b0-9fed-427c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3d9-e874-43b0-9fed-427c950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3d9-e874-43b0-9fed-427c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3d9-e874-43b0-9fed-427c950d210f",
|
|
"value": "66.199.174.108"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3d9-56e8-4d25-ac11-45ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:33.000Z",
|
|
"modified": "2017-09-08T15:14:33.000Z",
|
|
"pattern": "[url:value = 'http://dar-alataa.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3da-1be4-4cba-9074-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:34.000Z",
|
|
"modified": "2017-09-08T15:14:34.000Z",
|
|
"pattern": "[domain-name:value = 'dar-alataa.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3da-8d5c-43f1-b93f-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:34.000Z",
|
|
"modified": "2017-09-08T15:14:34.000Z",
|
|
"pattern": "[url:value = 'http://envirotambang.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3da-f944-4513-bc6a-466d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:34.000Z",
|
|
"modified": "2017-09-08T15:14:34.000Z",
|
|
"pattern": "[domain-name:value = 'envirotambang.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3db-de1c-4d58-ae38-4ea4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:35.000Z",
|
|
"modified": "2017-09-08T15:14:35.000Z",
|
|
"first_observed": "2017-09-08T15:14:35Z",
|
|
"last_observed": "2017-09-08T15:14:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3db-de1c-4d58-ae38-4ea4950d210f",
|
|
"ipv4-addr--59b2b3db-de1c-4d58-ae38-4ea4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3db-de1c-4d58-ae38-4ea4950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3db-de1c-4d58-ae38-4ea4950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3db-de1c-4d58-ae38-4ea4950d210f",
|
|
"value": "103.53.172.3"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3db-ee60-4821-afb5-4a67950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:35.000Z",
|
|
"modified": "2017-09-08T15:14:35.000Z",
|
|
"pattern": "[url:value = 'http://essenza.co.id/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3db-c8e8-4443-ab43-4546950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:35.000Z",
|
|
"modified": "2017-09-08T15:14:35.000Z",
|
|
"pattern": "[domain-name:value = 'essenza.co.id']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3dc-4858-40de-b211-49d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:36.000Z",
|
|
"modified": "2017-09-08T15:14:36.000Z",
|
|
"first_observed": "2017-09-08T15:14:36Z",
|
|
"last_observed": "2017-09-08T15:14:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3dc-4858-40de-b211-49d6950d210f",
|
|
"ipv4-addr--59b2b3dc-4858-40de-b211-49d6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3dc-4858-40de-b211-49d6950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3dc-4858-40de-b211-49d6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3dc-4858-40de-b211-49d6950d210f",
|
|
"value": "202.169.44.141"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3dd-3554-4a1b-98ee-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:37.000Z",
|
|
"modified": "2017-09-08T15:14:37.000Z",
|
|
"pattern": "[url:value = 'http://fachwerkhaus.ws/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3dd-258c-47c2-a372-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:37.000Z",
|
|
"modified": "2017-09-08T15:14:37.000Z",
|
|
"pattern": "[domain-name:value = 'fachwerkhaus.ws']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3dd-469c-4247-9150-4ad6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:37.000Z",
|
|
"modified": "2017-09-08T15:14:37.000Z",
|
|
"first_observed": "2017-09-08T15:14:37Z",
|
|
"last_observed": "2017-09-08T15:14:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3dd-469c-4247-9150-4ad6950d210f",
|
|
"ipv4-addr--59b2b3dd-469c-4247-9150-4ad6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3dd-469c-4247-9150-4ad6950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3dd-469c-4247-9150-4ad6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3dd-469c-4247-9150-4ad6950d210f",
|
|
"value": "88.99.175.38"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3dd-c6d8-470e-878f-42c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:37.000Z",
|
|
"modified": "2017-09-08T15:14:37.000Z",
|
|
"pattern": "[url:value = 'http://faries-studios.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3de-59e4-4a1e-94d9-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:38.000Z",
|
|
"modified": "2017-09-08T15:14:38.000Z",
|
|
"pattern": "[domain-name:value = 'faries-studios.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3de-c768-4027-ae23-4deb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:38.000Z",
|
|
"modified": "2017-09-08T15:14:38.000Z",
|
|
"first_observed": "2017-09-08T15:14:38Z",
|
|
"last_observed": "2017-09-08T15:14:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3de-c768-4027-ae23-4deb950d210f",
|
|
"ipv4-addr--59b2b3de-c768-4027-ae23-4deb950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3de-c768-4027-ae23-4deb950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3de-c768-4027-ae23-4deb950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3de-c768-4027-ae23-4deb950d210f",
|
|
"value": "66.36.163.133"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3de-e200-4dc1-84a2-4ac7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:38.000Z",
|
|
"modified": "2017-09-08T15:14:38.000Z",
|
|
"pattern": "[url:value = 'http://fcpconsultores.com.br/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3de-2fdc-4a02-9c79-40bc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:38.000Z",
|
|
"modified": "2017-09-08T15:14:38.000Z",
|
|
"pattern": "[domain-name:value = 'fcpconsultores.com.br']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3df-b990-4243-8160-4e77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:39.000Z",
|
|
"modified": "2017-09-08T15:14:39.000Z",
|
|
"first_observed": "2017-09-08T15:14:39Z",
|
|
"last_observed": "2017-09-08T15:14:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3df-b990-4243-8160-4e77950d210f",
|
|
"ipv4-addr--59b2b3df-b990-4243-8160-4e77950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3df-b990-4243-8160-4e77950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3df-b990-4243-8160-4e77950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3df-b990-4243-8160-4e77950d210f",
|
|
"value": "69.64.57.170"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3df-83e8-4952-8d47-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:39.000Z",
|
|
"modified": "2017-09-08T15:14:39.000Z",
|
|
"pattern": "[url:value = 'http://felicesfiestas.com.mx/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3df-d2c8-4a6e-b592-4765950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:39.000Z",
|
|
"modified": "2017-09-08T15:14:39.000Z",
|
|
"pattern": "[domain-name:value = 'felicesfiestas.com.mx']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e0-6064-4a27-9db1-4ecd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:40.000Z",
|
|
"modified": "2017-09-08T15:14:40.000Z",
|
|
"first_observed": "2017-09-08T15:14:40Z",
|
|
"last_observed": "2017-09-08T15:14:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e0-6064-4a27-9db1-4ecd950d210f",
|
|
"ipv4-addr--59b2b3e0-6064-4a27-9db1-4ecd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e0-6064-4a27-9db1-4ecd950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e0-6064-4a27-9db1-4ecd950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e0-6064-4a27-9db1-4ecd950d210f",
|
|
"value": "208.79.200.63"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e0-15a4-40d6-b807-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:40.000Z",
|
|
"modified": "2017-09-08T15:14:40.000Z",
|
|
"pattern": "[url:value = 'http://feng-lian.com.tw/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e0-bc40-4f66-bf26-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:40.000Z",
|
|
"modified": "2017-09-08T15:14:40.000Z",
|
|
"pattern": "[domain-name:value = 'feng-lian.com.tw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e1-234c-4710-9a6c-49f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:41.000Z",
|
|
"modified": "2017-09-08T15:14:41.000Z",
|
|
"first_observed": "2017-09-08T15:14:41Z",
|
|
"last_observed": "2017-09-08T15:14:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e1-234c-4710-9a6c-49f5950d210f",
|
|
"ipv4-addr--59b2b3e1-234c-4710-9a6c-49f5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e1-234c-4710-9a6c-49f5950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e1-234c-4710-9a6c-49f5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e1-234c-4710-9a6c-49f5950d210f",
|
|
"value": "203.74.202.50"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e2-6d08-4509-8784-49ba950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:42.000Z",
|
|
"modified": "2017-09-08T15:14:42.000Z",
|
|
"pattern": "[url:value = 'http://ferrecorte.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e2-9178-4839-b504-4950950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:42.000Z",
|
|
"modified": "2017-09-08T15:14:42.000Z",
|
|
"pattern": "[domain-name:value = 'ferrecorte.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e2-dc0c-4b65-ba56-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:42.000Z",
|
|
"modified": "2017-09-08T15:14:42.000Z",
|
|
"first_observed": "2017-09-08T15:14:42Z",
|
|
"last_observed": "2017-09-08T15:14:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e2-dc0c-4b65-ba56-7920950d210f",
|
|
"ipv4-addr--59b2b3e2-dc0c-4b65-ba56-7920950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e2-dc0c-4b65-ba56-7920950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e2-dc0c-4b65-ba56-7920950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e2-dc0c-4b65-ba56-7920950d210f",
|
|
"value": "69.64.67.10"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e2-ad5c-49c7-a917-463c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:42.000Z",
|
|
"modified": "2017-09-08T15:14:42.000Z",
|
|
"pattern": "[url:value = 'http://fianceevisa101.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e3-b5a4-4bd4-9bfd-4578950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:43.000Z",
|
|
"modified": "2017-09-08T15:14:43.000Z",
|
|
"pattern": "[domain-name:value = 'fianceevisa101.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e3-a78c-43eb-ac3a-43ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:43.000Z",
|
|
"modified": "2017-09-08T15:14:43.000Z",
|
|
"first_observed": "2017-09-08T15:14:43Z",
|
|
"last_observed": "2017-09-08T15:14:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e3-a78c-43eb-ac3a-43ad950d210f",
|
|
"ipv4-addr--59b2b3e3-a78c-43eb-ac3a-43ad950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e3-a78c-43eb-ac3a-43ad950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e3-a78c-43eb-ac3a-43ad950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e3-a78c-43eb-ac3a-43ad950d210f",
|
|
"value": "216.55.186.90"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e3-d0f4-40cd-9491-4645950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:43.000Z",
|
|
"modified": "2017-09-08T15:14:43.000Z",
|
|
"pattern": "[url:value = 'http://fiancevisacover.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e4-a5b0-49fe-8b00-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:44.000Z",
|
|
"modified": "2017-09-08T15:14:44.000Z",
|
|
"pattern": "[domain-name:value = 'fiancevisacover.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e4-783c-4157-81a1-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:44.000Z",
|
|
"modified": "2017-09-08T15:14:44.000Z",
|
|
"pattern": "[url:value = 'http://financeforautos.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e4-8550-4410-831a-4afb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:44.000Z",
|
|
"modified": "2017-09-08T15:14:44.000Z",
|
|
"pattern": "[domain-name:value = 'financeforautos.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e5-e874-41c2-9f56-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:45.000Z",
|
|
"modified": "2017-09-08T15:14:45.000Z",
|
|
"first_observed": "2017-09-08T15:14:45Z",
|
|
"last_observed": "2017-09-08T15:14:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e5-e874-41c2-9f56-7d59950d210f",
|
|
"ipv4-addr--59b2b3e5-e874-41c2-9f56-7d59950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e5-e874-41c2-9f56-7d59950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e5-e874-41c2-9f56-7d59950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e5-e874-41c2-9f56-7d59950d210f",
|
|
"value": "72.4.145.228"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e5-2fe0-432f-b536-4f01950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:45.000Z",
|
|
"modified": "2017-09-08T15:14:45.000Z",
|
|
"pattern": "[url:value = 'http://fincasoroel.es/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e5-68c4-49cb-92b3-4075950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:45.000Z",
|
|
"modified": "2017-09-08T15:14:45.000Z",
|
|
"pattern": "[domain-name:value = 'fincasoroel.es']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e6-8ea4-4891-8df8-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:46.000Z",
|
|
"modified": "2017-09-08T15:14:46.000Z",
|
|
"first_observed": "2017-09-08T15:14:46Z",
|
|
"last_observed": "2017-09-08T15:14:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e6-8ea4-4891-8df8-7920950d210f",
|
|
"ipv4-addr--59b2b3e6-8ea4-4891-8df8-7920950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e6-8ea4-4891-8df8-7920950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e6-8ea4-4891-8df8-7920950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e6-8ea4-4891-8df8-7920950d210f",
|
|
"value": "89.140.72.171"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e6-ab4c-4839-9d11-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:46.000Z",
|
|
"modified": "2017-09-08T15:14:46.000Z",
|
|
"pattern": "[url:value = 'http://flooringforyou.co.uk/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e6-d2dc-4853-8da9-4628950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:46.000Z",
|
|
"modified": "2017-09-08T15:14:46.000Z",
|
|
"pattern": "[domain-name:value = 'flooringforyou.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e6-1b28-4ca7-add3-4824950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:46.000Z",
|
|
"modified": "2017-09-08T15:14:46.000Z",
|
|
"first_observed": "2017-09-08T15:14:46Z",
|
|
"last_observed": "2017-09-08T15:14:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e6-1b28-4ca7-add3-4824950d210f",
|
|
"ipv4-addr--59b2b3e6-1b28-4ca7-add3-4824950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e6-1b28-4ca7-add3-4824950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e6-1b28-4ca7-add3-4824950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e6-1b28-4ca7-add3-4824950d210f",
|
|
"value": "176.56.61.52"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e6-469c-47d2-a616-45cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:46.000Z",
|
|
"modified": "2017-09-08T15:14:46.000Z",
|
|
"pattern": "[url:value = 'http://fls-portal.co.uk/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e7-8434-4232-8e10-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:47.000Z",
|
|
"modified": "2017-09-08T15:14:47.000Z",
|
|
"pattern": "[domain-name:value = 'fls-portal.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:47.000Z",
|
|
"modified": "2017-09-08T15:14:47.000Z",
|
|
"first_observed": "2017-09-08T15:14:47Z",
|
|
"last_observed": "2017-09-08T15:14:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f",
|
|
"ipv4-addr--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e7-1930-4a7a-bc9e-7dfc950d210f",
|
|
"value": "109.108.149.65"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e7-346c-4025-888d-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:47.000Z",
|
|
"modified": "2017-09-08T15:14:47.000Z",
|
|
"pattern": "[url:value = 'http://fmarson.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e7-af44-4f15-82d2-4286950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:47.000Z",
|
|
"modified": "2017-09-08T15:14:47.000Z",
|
|
"pattern": "[domain-name:value = 'fmarson.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e8-f650-4fb4-b247-4d3f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:48.000Z",
|
|
"modified": "2017-09-08T15:14:48.000Z",
|
|
"first_observed": "2017-09-08T15:14:48Z",
|
|
"last_observed": "2017-09-08T15:14:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e8-f650-4fb4-b247-4d3f950d210f",
|
|
"ipv4-addr--59b2b3e8-f650-4fb4-b247-4d3f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e8-f650-4fb4-b247-4d3f950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e8-f650-4fb4-b247-4d3f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e8-f650-4fb4-b247-4d3f950d210f",
|
|
"value": "80.172.241.35"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e8-242c-40ba-ac99-4346950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:48.000Z",
|
|
"modified": "2017-09-08T15:14:48.000Z",
|
|
"pattern": "[url:value = 'http://fonciere-lelievre-prestige.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e8-6294-4f35-9609-455b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:48.000Z",
|
|
"modified": "2017-09-08T15:14:48.000Z",
|
|
"pattern": "[domain-name:value = 'fonciere-lelievre-prestige.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:48.000Z",
|
|
"modified": "2017-09-08T15:14:48.000Z",
|
|
"first_observed": "2017-09-08T15:14:48Z",
|
|
"last_observed": "2017-09-08T15:14:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f",
|
|
"ipv4-addr--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e8-bd4c-45ab-8d91-4dd4950d210f",
|
|
"value": "94.125.163.72"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e9-0200-46a8-bd67-4b66950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:49.000Z",
|
|
"modified": "2017-09-08T15:14:49.000Z",
|
|
"pattern": "[url:value = 'http://formareal.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e9-814c-4c6c-b153-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:49.000Z",
|
|
"modified": "2017-09-08T15:14:49.000Z",
|
|
"pattern": "[domain-name:value = 'formareal.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:49.000Z",
|
|
"modified": "2017-09-08T15:14:49.000Z",
|
|
"first_observed": "2017-09-08T15:14:49Z",
|
|
"last_observed": "2017-09-08T15:14:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f",
|
|
"ipv4-addr--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3e9-d9ec-4a6c-a740-7f0b950d210f",
|
|
"value": "87.118.114.57"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3e9-8c88-4b0f-958e-4c9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:49.000Z",
|
|
"modified": "2017-09-08T15:14:49.000Z",
|
|
"pattern": "[url:value = 'http://fortresssecurity.de/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ea-7e64-4a06-842a-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:50.000Z",
|
|
"modified": "2017-09-08T15:14:50.000Z",
|
|
"pattern": "[domain-name:value = 'fortresssecurity.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3ea-7540-49e2-b6a7-4706950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:50.000Z",
|
|
"modified": "2017-09-08T15:14:50.000Z",
|
|
"first_observed": "2017-09-08T15:14:50Z",
|
|
"last_observed": "2017-09-08T15:14:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3ea-7540-49e2-b6a7-4706950d210f",
|
|
"ipv4-addr--59b2b3ea-7540-49e2-b6a7-4706950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3ea-7540-49e2-b6a7-4706950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3ea-7540-49e2-b6a7-4706950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3ea-7540-49e2-b6a7-4706950d210f",
|
|
"value": "62.75.247.211"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ea-993c-4eb7-b3a0-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:50.000Z",
|
|
"modified": "2017-09-08T15:14:50.000Z",
|
|
"pattern": "[url:value = 'http://freese-architekten.de/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ea-7e88-418b-8dc2-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:50.000Z",
|
|
"modified": "2017-09-08T15:14:50.000Z",
|
|
"pattern": "[domain-name:value = 'freese-architekten.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3eb-f554-48ce-8905-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:51.000Z",
|
|
"modified": "2017-09-08T15:14:51.000Z",
|
|
"first_observed": "2017-09-08T15:14:51Z",
|
|
"last_observed": "2017-09-08T15:14:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3eb-f554-48ce-8905-7e8e950d210f",
|
|
"ipv4-addr--59b2b3eb-f554-48ce-8905-7e8e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3eb-f554-48ce-8905-7e8e950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3eb-f554-48ce-8905-7e8e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3eb-f554-48ce-8905-7e8e950d210f",
|
|
"value": "212.88.128.57"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3eb-f044-44be-bab4-4efb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:51.000Z",
|
|
"modified": "2017-09-08T15:14:51.000Z",
|
|
"pattern": "[url:value = 'http://freevillemusic.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3eb-f8e8-4153-922e-412b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:51.000Z",
|
|
"modified": "2017-09-08T15:14:51.000Z",
|
|
"pattern": "[domain-name:value = 'freevillemusic.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3eb-e83c-4146-b697-48b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:51.000Z",
|
|
"modified": "2017-09-08T15:14:51.000Z",
|
|
"first_observed": "2017-09-08T15:14:51Z",
|
|
"last_observed": "2017-09-08T15:14:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3eb-e83c-4146-b697-48b6950d210f",
|
|
"ipv4-addr--59b2b3eb-e83c-4146-b697-48b6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3eb-e83c-4146-b697-48b6950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3eb-e83c-4146-b697-48b6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3eb-e83c-4146-b697-48b6950d210f",
|
|
"value": "66.84.8.235"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ec-c7c4-44c0-a13d-485c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:52.000Z",
|
|
"modified": "2017-09-08T15:14:52.000Z",
|
|
"pattern": "[url:value = 'http://freidate.de/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ec-a908-458a-98c9-46db950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:52.000Z",
|
|
"modified": "2017-09-08T15:14:52.000Z",
|
|
"pattern": "[domain-name:value = 'freidate.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3ec-5a7c-45d5-9049-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:52.000Z",
|
|
"modified": "2017-09-08T15:14:52.000Z",
|
|
"first_observed": "2017-09-08T15:14:52Z",
|
|
"last_observed": "2017-09-08T15:14:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3ec-5a7c-45d5-9049-7f0b950d210f",
|
|
"ipv4-addr--59b2b3ec-5a7c-45d5-9049-7f0b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3ec-5a7c-45d5-9049-7f0b950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3ec-5a7c-45d5-9049-7f0b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3ec-5a7c-45d5-9049-7f0b950d210f",
|
|
"value": "178.77.96.136"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ec-1094-453e-84ea-43cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:52.000Z",
|
|
"modified": "2017-09-08T15:14:52.000Z",
|
|
"pattern": "[url:value = 'http://frisoguerrino.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ec-f0b0-42db-94b8-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:52.000Z",
|
|
"modified": "2017-09-08T15:14:52.000Z",
|
|
"pattern": "[domain-name:value = 'frisoguerrino.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3ed-4de0-4c51-b3b3-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:53.000Z",
|
|
"modified": "2017-09-08T15:14:53.000Z",
|
|
"first_observed": "2017-09-08T15:14:53Z",
|
|
"last_observed": "2017-09-08T15:14:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3ed-4de0-4c51-b3b3-7959950d210f",
|
|
"ipv4-addr--59b2b3ed-4de0-4c51-b3b3-7959950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3ed-4de0-4c51-b3b3-7959950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3ed-4de0-4c51-b3b3-7959950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3ed-4de0-4c51-b3b3-7959950d210f",
|
|
"value": "185.58.7.104"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ed-4dd4-4d0c-ad1f-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:53.000Z",
|
|
"modified": "2017-09-08T15:14:53.000Z",
|
|
"pattern": "[url:value = 'http://furukawa-iin.net/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ed-5184-4204-becf-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:53.000Z",
|
|
"modified": "2017-09-08T15:14:53.000Z",
|
|
"pattern": "[domain-name:value = 'furukawa-iin.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3ee-e7b8-4bee-b333-4096950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:54.000Z",
|
|
"modified": "2017-09-08T15:14:54.000Z",
|
|
"first_observed": "2017-09-08T15:14:54Z",
|
|
"last_observed": "2017-09-08T15:14:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3ee-e7b8-4bee-b333-4096950d210f",
|
|
"ipv4-addr--59b2b3ee-e7b8-4bee-b333-4096950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3ee-e7b8-4bee-b333-4096950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3ee-e7b8-4bee-b333-4096950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3ee-e7b8-4bee-b333-4096950d210f",
|
|
"value": "202.237.149.19"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ef-2b34-4aa8-a1cf-4987950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:55.000Z",
|
|
"modified": "2017-09-08T15:14:55.000Z",
|
|
"pattern": "[url:value = 'http://fustahermetic.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ef-87d0-455f-94ca-4bf4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:55.000Z",
|
|
"modified": "2017-09-08T15:14:55.000Z",
|
|
"pattern": "[domain-name:value = 'fustahermetic.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3ef-2534-4b2a-906e-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:55.000Z",
|
|
"modified": "2017-09-08T15:14:55.000Z",
|
|
"first_observed": "2017-09-08T15:14:55Z",
|
|
"last_observed": "2017-09-08T15:14:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3ef-2534-4b2a-906e-7920950d210f",
|
|
"ipv4-addr--59b2b3ef-2534-4b2a-906e-7920950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3ef-2534-4b2a-906e-7920950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3ef-2534-4b2a-906e-7920950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3ef-2534-4b2a-906e-7920950d210f",
|
|
"value": "213.192.239.60"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ef-1eb0-4dcf-b39a-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:55.000Z",
|
|
"modified": "2017-09-08T15:14:55.000Z",
|
|
"pattern": "[url:value = 'http://futurehemp.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f0-f0e4-4129-b565-4f8a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:56.000Z",
|
|
"modified": "2017-09-08T15:14:56.000Z",
|
|
"pattern": "[domain-name:value = 'futurehemp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f1-62bc-4453-bad7-4868950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:57.000Z",
|
|
"modified": "2017-09-08T15:14:57.000Z",
|
|
"pattern": "[url:value = 'http://fwbcondo.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f2-34d8-43ff-8831-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:58.000Z",
|
|
"modified": "2017-09-08T15:14:58.000Z",
|
|
"pattern": "[domain-name:value = 'fwbcondo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3f2-3a30-4f76-85c7-4725950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:58.000Z",
|
|
"modified": "2017-09-08T15:14:58.000Z",
|
|
"first_observed": "2017-09-08T15:14:58Z",
|
|
"last_observed": "2017-09-08T15:14:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3f2-3a30-4f76-85c7-4725950d210f",
|
|
"ipv4-addr--59b2b3f2-3a30-4f76-85c7-4725950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3f2-3a30-4f76-85c7-4725950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3f2-3a30-4f76-85c7-4725950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3f2-3a30-4f76-85c7-4725950d210f",
|
|
"value": "74.116.0.194"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f2-1c50-4d14-b059-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:58.000Z",
|
|
"modified": "2017-09-08T15:14:58.000Z",
|
|
"pattern": "[url:value = 'http://gaba-timber.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f3-acb0-4021-870f-4291950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:59.000Z",
|
|
"modified": "2017-09-08T15:14:59.000Z",
|
|
"pattern": "[domain-name:value = 'gaba-timber.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3f3-b80c-4e90-a42c-4d12950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:59.000Z",
|
|
"modified": "2017-09-08T15:14:59.000Z",
|
|
"first_observed": "2017-09-08T15:14:59Z",
|
|
"last_observed": "2017-09-08T15:14:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3f3-b80c-4e90-a42c-4d12950d210f",
|
|
"ipv4-addr--59b2b3f3-b80c-4e90-a42c-4d12950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3f3-b80c-4e90-a42c-4d12950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3f3-b80c-4e90-a42c-4d12950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3f3-b80c-4e90-a42c-4d12950d210f",
|
|
"value": "37.34.57.134"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f3-6340-46d2-b3cf-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:59.000Z",
|
|
"modified": "2017-09-08T15:14:59.000Z",
|
|
"pattern": "[url:value = 'http://gabriellesrestaurant.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f3-fb58-4175-b642-4640950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:14:59.000Z",
|
|
"modified": "2017-09-08T15:14:59.000Z",
|
|
"pattern": "[domain-name:value = 'gabriellesrestaurant.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:14:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3f4-de3c-44ae-be49-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:00.000Z",
|
|
"modified": "2017-09-08T15:15:00.000Z",
|
|
"first_observed": "2017-09-08T15:15:00Z",
|
|
"last_observed": "2017-09-08T15:15:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3f4-de3c-44ae-be49-7c5a950d210f",
|
|
"ipv4-addr--59b2b3f4-de3c-44ae-be49-7c5a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3f4-de3c-44ae-be49-7c5a950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3f4-de3c-44ae-be49-7c5a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3f4-de3c-44ae-be49-7c5a950d210f",
|
|
"value": "207.58.143.135"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f4-0514-4134-a1bf-4f81950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:00.000Z",
|
|
"modified": "2017-09-08T15:15:00.000Z",
|
|
"pattern": "[url:value = 'http://gbvm.nl/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f4-ac8c-46e5-91e0-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:00.000Z",
|
|
"modified": "2017-09-08T15:15:00.000Z",
|
|
"pattern": "[domain-name:value = 'gbvm.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3f4-e5bc-4155-87b2-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:00.000Z",
|
|
"modified": "2017-09-08T15:15:00.000Z",
|
|
"first_observed": "2017-09-08T15:15:00Z",
|
|
"last_observed": "2017-09-08T15:15:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3f4-e5bc-4155-87b2-2df1950d210f",
|
|
"ipv4-addr--59b2b3f4-e5bc-4155-87b2-2df1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3f4-e5bc-4155-87b2-2df1950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3f4-e5bc-4155-87b2-2df1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3f4-e5bc-4155-87b2-2df1950d210f",
|
|
"value": "77.72.145.97"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f5-cd04-46d5-812d-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:01.000Z",
|
|
"modified": "2017-09-08T15:15:01.000Z",
|
|
"pattern": "[url:value = 'http://gdrural.com.au/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f5-d434-49d4-9df8-4fac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:01.000Z",
|
|
"modified": "2017-09-08T15:15:01.000Z",
|
|
"pattern": "[domain-name:value = 'gdrural.com.au']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3f6-09f4-40e8-90fe-4129950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:02.000Z",
|
|
"modified": "2017-09-08T15:15:02.000Z",
|
|
"first_observed": "2017-09-08T15:15:02Z",
|
|
"last_observed": "2017-09-08T15:15:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3f6-09f4-40e8-90fe-4129950d210f",
|
|
"ipv4-addr--59b2b3f6-09f4-40e8-90fe-4129950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3f6-09f4-40e8-90fe-4129950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3f6-09f4-40e8-90fe-4129950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3f6-09f4-40e8-90fe-4129950d210f",
|
|
"value": "113.20.6.89"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f6-0c1c-4f2a-8d44-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:02.000Z",
|
|
"modified": "2017-09-08T15:15:02.000Z",
|
|
"pattern": "[url:value = 'http://geeks-online.de/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f7-d0bc-4c74-8b5d-4504950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:03.000Z",
|
|
"modified": "2017-09-08T15:15:03.000Z",
|
|
"pattern": "[domain-name:value = 'geeks-online.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3f7-ba48-4770-b572-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:03.000Z",
|
|
"modified": "2017-09-08T15:15:03.000Z",
|
|
"first_observed": "2017-09-08T15:15:03Z",
|
|
"last_observed": "2017-09-08T15:15:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3f7-ba48-4770-b572-7959950d210f",
|
|
"ipv4-addr--59b2b3f7-ba48-4770-b572-7959950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3f7-ba48-4770-b572-7959950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3f7-ba48-4770-b572-7959950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3f7-ba48-4770-b572-7959950d210f",
|
|
"value": "78.46.92.133"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f7-6254-48fb-a529-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:03.000Z",
|
|
"modified": "2017-09-08T15:15:03.000Z",
|
|
"pattern": "[url:value = 'http://geocean.co.id/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f7-51d0-4de9-b5d1-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:03.000Z",
|
|
"modified": "2017-09-08T15:15:03.000Z",
|
|
"pattern": "[domain-name:value = 'geocean.co.id']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3f8-2790-427e-ac3e-4873950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:04.000Z",
|
|
"modified": "2017-09-08T15:15:04.000Z",
|
|
"first_observed": "2017-09-08T15:15:04Z",
|
|
"last_observed": "2017-09-08T15:15:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3f8-2790-427e-ac3e-4873950d210f",
|
|
"ipv4-addr--59b2b3f8-2790-427e-ac3e-4873950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3f8-2790-427e-ac3e-4873950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3f8-2790-427e-ac3e-4873950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3f8-2790-427e-ac3e-4873950d210f",
|
|
"value": "202.169.44.143"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f8-2cfc-4277-ae05-46f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:04.000Z",
|
|
"modified": "2017-09-08T15:15:04.000Z",
|
|
"pattern": "[url:value = 'http://gewinnspiel-sachsenhausen.de/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f8-e584-4bf8-b5b0-4dbc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:04.000Z",
|
|
"modified": "2017-09-08T15:15:04.000Z",
|
|
"pattern": "[domain-name:value = 'gewinnspiel-sachsenhausen.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3f9-2840-4f2b-89d7-48a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:05.000Z",
|
|
"modified": "2017-09-08T15:15:05.000Z",
|
|
"first_observed": "2017-09-08T15:15:05Z",
|
|
"last_observed": "2017-09-08T15:15:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3f9-2840-4f2b-89d7-48a6950d210f",
|
|
"ipv4-addr--59b2b3f9-2840-4f2b-89d7-48a6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3f9-2840-4f2b-89d7-48a6950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3f9-2840-4f2b-89d7-48a6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3f9-2840-4f2b-89d7-48a6950d210f",
|
|
"value": "194.173.175.16"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f9-bccc-42b1-af24-42af950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:05.000Z",
|
|
"modified": "2017-09-08T15:15:05.000Z",
|
|
"pattern": "[url:value = 'http://givensplace.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3f9-cf30-4fa2-b4e9-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:05.000Z",
|
|
"modified": "2017-09-08T15:15:05.000Z",
|
|
"pattern": "[domain-name:value = 'givensplace.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:06.000Z",
|
|
"modified": "2017-09-08T15:15:06.000Z",
|
|
"first_observed": "2017-09-08T15:15:06Z",
|
|
"last_observed": "2017-09-08T15:15:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f",
|
|
"ipv4-addr--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3fa-4bb4-4ce6-b02d-4f92950d210f",
|
|
"value": "69.90.148.231"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fa-9b9c-4b3e-b8c9-4c5e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:06.000Z",
|
|
"modified": "2017-09-08T15:15:06.000Z",
|
|
"pattern": "[url:value = 'http://glostrap.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fa-68a8-4644-ab80-4fda950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:06.000Z",
|
|
"modified": "2017-09-08T15:15:06.000Z",
|
|
"pattern": "[domain-name:value = 'glostrap.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3fb-e148-46cb-bf7c-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:07.000Z",
|
|
"modified": "2017-09-08T15:15:07.000Z",
|
|
"first_observed": "2017-09-08T15:15:07Z",
|
|
"last_observed": "2017-09-08T15:15:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3fb-e148-46cb-bf7c-7dfc950d210f",
|
|
"ipv4-addr--59b2b3fb-e148-46cb-bf7c-7dfc950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3fb-e148-46cb-bf7c-7dfc950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3fb-e148-46cb-bf7c-7dfc950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3fb-e148-46cb-bf7c-7dfc950d210f",
|
|
"value": "216.114.192.21"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fb-02dc-4869-9216-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:07.000Z",
|
|
"modified": "2017-09-08T15:15:07.000Z",
|
|
"pattern": "[url:value = 'http://go-coo.jp/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fb-cb30-4070-af91-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:07.000Z",
|
|
"modified": "2017-09-08T15:15:07.000Z",
|
|
"pattern": "[domain-name:value = 'go-coo.jp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3fc-c9ac-48e3-8dab-42e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:08.000Z",
|
|
"modified": "2017-09-08T15:15:08.000Z",
|
|
"first_observed": "2017-09-08T15:15:08Z",
|
|
"last_observed": "2017-09-08T15:15:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3fc-c9ac-48e3-8dab-42e3950d210f",
|
|
"ipv4-addr--59b2b3fc-c9ac-48e3-8dab-42e3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3fc-c9ac-48e3-8dab-42e3950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3fc-c9ac-48e3-8dab-42e3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3fc-c9ac-48e3-8dab-42e3950d210f",
|
|
"value": "203.183.65.225"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fc-abac-4783-9753-40f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:08.000Z",
|
|
"modified": "2017-09-08T15:15:08.000Z",
|
|
"pattern": "[url:value = 'http://gorbitzfilm.de/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fc-2534-4da1-989e-468d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:08.000Z",
|
|
"modified": "2017-09-08T15:15:08.000Z",
|
|
"pattern": "[domain-name:value = 'gorbitzfilm.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3fd-c108-4f6c-93e4-4226950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:09.000Z",
|
|
"modified": "2017-09-08T15:15:09.000Z",
|
|
"first_observed": "2017-09-08T15:15:09Z",
|
|
"last_observed": "2017-09-08T15:15:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3fd-c108-4f6c-93e4-4226950d210f",
|
|
"ipv4-addr--59b2b3fd-c108-4f6c-93e4-4226950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3fd-c108-4f6c-93e4-4226950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3fd-c108-4f6c-93e4-4226950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3fd-c108-4f6c-93e4-4226950d210f",
|
|
"value": "85.119.155.42"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fd-3d38-4e37-a7a1-4b3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:09.000Z",
|
|
"modified": "2017-09-08T15:15:09.000Z",
|
|
"pattern": "[url:value = 'http://grafosdiseno.es/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fd-b488-400b-a1b1-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:09.000Z",
|
|
"modified": "2017-09-08T15:15:09.000Z",
|
|
"pattern": "[domain-name:value = 'grafosdiseno.es']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3fd-7304-4839-8bf0-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:09.000Z",
|
|
"modified": "2017-09-08T15:15:09.000Z",
|
|
"first_observed": "2017-09-08T15:15:09Z",
|
|
"last_observed": "2017-09-08T15:15:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3fd-7304-4839-8bf0-7f0b950d210f",
|
|
"ipv4-addr--59b2b3fd-7304-4839-8bf0-7f0b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3fd-7304-4839-8bf0-7f0b950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3fd-7304-4839-8bf0-7f0b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3fd-7304-4839-8bf0-7f0b950d210f",
|
|
"value": "185.68.108.248"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fe-b530-4eb0-ae96-4a41950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:10.000Z",
|
|
"modified": "2017-09-08T15:15:10.000Z",
|
|
"pattern": "[url:value = 'http://greatesthits.mygoldmusic.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fe-dbb0-432a-ad65-4473950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:10.000Z",
|
|
"modified": "2017-09-08T15:15:10.000Z",
|
|
"pattern": "[domain-name:value = 'greatesthits.mygoldmusic.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3fe-d730-4626-b155-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:10.000Z",
|
|
"modified": "2017-09-08T15:15:10.000Z",
|
|
"first_observed": "2017-09-08T15:15:10Z",
|
|
"last_observed": "2017-09-08T15:15:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3fe-d730-4626-b155-7c5a950d210f",
|
|
"ipv4-addr--59b2b3fe-d730-4626-b155-7c5a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3fe-d730-4626-b155-7c5a950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3fe-d730-4626-b155-7c5a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3fe-d730-4626-b155-7c5a950d210f",
|
|
"value": "176.56.58.114"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fe-7058-4a42-98bb-4c88950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:10.000Z",
|
|
"modified": "2017-09-08T15:15:10.000Z",
|
|
"pattern": "[url:value = 'http://greenerlivingca.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3fe-fa04-4402-95ca-4005950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:10.000Z",
|
|
"modified": "2017-09-08T15:15:10.000Z",
|
|
"pattern": "[domain-name:value = 'greenerlivingca.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b3ff-ed90-464f-bb6e-4a25950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:11.000Z",
|
|
"modified": "2017-09-08T15:15:11.000Z",
|
|
"first_observed": "2017-09-08T15:15:11Z",
|
|
"last_observed": "2017-09-08T15:15:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b3ff-ed90-464f-bb6e-4a25950d210f",
|
|
"ipv4-addr--59b2b3ff-ed90-464f-bb6e-4a25950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b3ff-ed90-464f-bb6e-4a25950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b3ff-ed90-464f-bb6e-4a25950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b3ff-ed90-464f-bb6e-4a25950d210f",
|
|
"value": "65.182.175.15"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ff-1104-4c73-97a6-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:11.000Z",
|
|
"modified": "2017-09-08T15:15:11.000Z",
|
|
"pattern": "[url:value = 'http://griffithphoto.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b3ff-3574-4612-a48e-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:11.000Z",
|
|
"modified": "2017-09-08T15:15:11.000Z",
|
|
"pattern": "[domain-name:value = 'griffithphoto.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b400-86f4-482a-b13b-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:12.000Z",
|
|
"modified": "2017-09-08T15:15:12.000Z",
|
|
"first_observed": "2017-09-08T15:15:12Z",
|
|
"last_observed": "2017-09-08T15:15:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b400-86f4-482a-b13b-7959950d210f",
|
|
"ipv4-addr--59b2b400-86f4-482a-b13b-7959950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b400-86f4-482a-b13b-7959950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b400-86f4-482a-b13b-7959950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b400-86f4-482a-b13b-7959950d210f",
|
|
"value": "72.32.177.50"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b400-5bf8-42aa-9d7b-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:12.000Z",
|
|
"modified": "2017-09-08T15:15:12.000Z",
|
|
"pattern": "[url:value = 'http://grlarquitectura.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b400-a6d4-4f23-9cb1-41e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:12.000Z",
|
|
"modified": "2017-09-08T15:15:12.000Z",
|
|
"pattern": "[domain-name:value = 'grlarquitectura.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b401-91ec-4d0a-be8f-47d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:13.000Z",
|
|
"modified": "2017-09-08T15:15:13.000Z",
|
|
"first_observed": "2017-09-08T15:15:13Z",
|
|
"last_observed": "2017-09-08T15:15:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b401-91ec-4d0a-be8f-47d8950d210f",
|
|
"ipv4-addr--59b2b401-91ec-4d0a-be8f-47d8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b401-91ec-4d0a-be8f-47d8950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b401-91ec-4d0a-be8f-47d8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b401-91ec-4d0a-be8f-47d8950d210f",
|
|
"value": "212.89.14.185"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b401-6e04-482e-a481-4bb6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:13.000Z",
|
|
"modified": "2017-09-08T15:15:13.000Z",
|
|
"pattern": "[url:value = 'http://gruppostolfaedilizia.it/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b401-186c-4d88-82e3-486e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:13.000Z",
|
|
"modified": "2017-09-08T15:15:13.000Z",
|
|
"pattern": "[domain-name:value = 'gruppostolfaedilizia.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b402-6770-43b7-b0bc-40eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:14.000Z",
|
|
"modified": "2017-09-08T15:15:14.000Z",
|
|
"first_observed": "2017-09-08T15:15:14Z",
|
|
"last_observed": "2017-09-08T15:15:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b402-6770-43b7-b0bc-40eb950d210f",
|
|
"ipv4-addr--59b2b402-6770-43b7-b0bc-40eb950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b402-6770-43b7-b0bc-40eb950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b402-6770-43b7-b0bc-40eb950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b402-6770-43b7-b0bc-40eb950d210f",
|
|
"value": "195.88.6.241"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b402-609c-41f1-ab5d-4aae950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:14.000Z",
|
|
"modified": "2017-09-08T15:15:14.000Z",
|
|
"pattern": "[url:value = 'http://h1439171.stratoserver.net/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b402-fd34-4f40-a4f7-4347950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:14.000Z",
|
|
"modified": "2017-09-08T15:15:14.000Z",
|
|
"pattern": "[domain-name:value = 'h1439171.stratoserver.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b402-1e1c-4e25-a1fd-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:14.000Z",
|
|
"modified": "2017-09-08T15:15:14.000Z",
|
|
"first_observed": "2017-09-08T15:15:14Z",
|
|
"last_observed": "2017-09-08T15:15:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b402-1e1c-4e25-a1fd-7920950d210f",
|
|
"ipv4-addr--59b2b402-1e1c-4e25-a1fd-7920950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b402-1e1c-4e25-a1fd-7920950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b402-1e1c-4e25-a1fd-7920950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b402-1e1c-4e25-a1fd-7920950d210f",
|
|
"value": "85.214.59.101"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b402-9cf8-44db-af41-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:14.000Z",
|
|
"modified": "2017-09-08T15:15:14.000Z",
|
|
"pattern": "[url:value = 'http://halley-informatica.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b403-ca20-4d95-80d1-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:15.000Z",
|
|
"modified": "2017-09-08T15:15:15.000Z",
|
|
"pattern": "[domain-name:value = 'halley-informatica.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b403-eed8-4050-b1fa-4ecb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:15.000Z",
|
|
"modified": "2017-09-08T15:15:15.000Z",
|
|
"first_observed": "2017-09-08T15:15:15Z",
|
|
"last_observed": "2017-09-08T15:15:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b403-eed8-4050-b1fa-4ecb950d210f",
|
|
"ipv4-addr--59b2b403-eed8-4050-b1fa-4ecb950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b403-eed8-4050-b1fa-4ecb950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b403-eed8-4050-b1fa-4ecb950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b403-eed8-4050-b1fa-4ecb950d210f",
|
|
"value": "212.227.136.197"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b403-34bc-4187-9896-4bbc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:15.000Z",
|
|
"modified": "2017-09-08T15:15:15.000Z",
|
|
"pattern": "[url:value = 'http://hausgadum.de/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b403-9344-4831-ba9e-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:15.000Z",
|
|
"modified": "2017-09-08T15:15:15.000Z",
|
|
"pattern": "[domain-name:value = 'hausgadum.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b404-0420-4ba7-85ae-4cf2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:16.000Z",
|
|
"modified": "2017-09-08T15:15:16.000Z",
|
|
"first_observed": "2017-09-08T15:15:16Z",
|
|
"last_observed": "2017-09-08T15:15:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b404-0420-4ba7-85ae-4cf2950d210f",
|
|
"ipv4-addr--59b2b404-0420-4ba7-85ae-4cf2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b404-0420-4ba7-85ae-4cf2950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b404-0420-4ba7-85ae-4cf2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b404-0420-4ba7-85ae-4cf2950d210f",
|
|
"value": "85.25.45.248"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b404-8218-433a-9f83-4438950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:16.000Z",
|
|
"modified": "2017-09-08T15:15:16.000Z",
|
|
"pattern": "[url:value = 'http://henweekendsbirmingham.co.uk/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b404-0194-4784-8726-44b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:16.000Z",
|
|
"modified": "2017-09-08T15:15:16.000Z",
|
|
"pattern": "[domain-name:value = 'henweekendsbirmingham.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b405-e290-4e75-9673-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:17.000Z",
|
|
"modified": "2017-09-08T15:15:17.000Z",
|
|
"first_observed": "2017-09-08T15:15:17Z",
|
|
"last_observed": "2017-09-08T15:15:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b405-e290-4e75-9673-7dfc950d210f",
|
|
"ipv4-addr--59b2b405-e290-4e75-9673-7dfc950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b405-e290-4e75-9673-7dfc950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b405-e290-4e75-9673-7dfc950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b405-e290-4e75-9673-7dfc950d210f",
|
|
"value": "91.192.195.226"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b405-c46c-4f9b-970f-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:17.000Z",
|
|
"modified": "2017-09-08T15:15:17.000Z",
|
|
"pattern": "[url:value = 'http://jakuboweb.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b405-cfa8-45d4-9a64-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:17.000Z",
|
|
"modified": "2017-09-08T15:15:17.000Z",
|
|
"pattern": "[domain-name:value = 'jakuboweb.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b405-3cb4-4215-8597-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:17.000Z",
|
|
"modified": "2017-09-08T15:15:17.000Z",
|
|
"first_observed": "2017-09-08T15:15:17Z",
|
|
"last_observed": "2017-09-08T15:15:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b405-3cb4-4215-8597-7e8e950d210f",
|
|
"ipv4-addr--59b2b405-3cb4-4215-8597-7e8e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b405-3cb4-4215-8597-7e8e950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b405-3cb4-4215-8597-7e8e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b405-3cb4-4215-8597-7e8e950d210f",
|
|
"value": "149.7.99.14"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b406-3ba8-4167-a694-4bfe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:18.000Z",
|
|
"modified": "2017-09-08T15:15:18.000Z",
|
|
"pattern": "[url:value = 'http://jaysonmorrison.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b406-9e1c-4262-a3ee-4e15950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:18.000Z",
|
|
"modified": "2017-09-08T15:15:18.000Z",
|
|
"pattern": "[domain-name:value = 'jaysonmorrison.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b406-faf4-46ad-82ed-4e32950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:18.000Z",
|
|
"modified": "2017-09-08T15:15:18.000Z",
|
|
"first_observed": "2017-09-08T15:15:18Z",
|
|
"last_observed": "2017-09-08T15:15:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b406-faf4-46ad-82ed-4e32950d210f",
|
|
"ipv4-addr--59b2b406-faf4-46ad-82ed-4e32950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b406-faf4-46ad-82ed-4e32950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b406-faf4-46ad-82ed-4e32950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b406-faf4-46ad-82ed-4e32950d210f",
|
|
"value": "208.79.200.165"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b406-641c-491b-bca9-4e7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:18.000Z",
|
|
"modified": "2017-09-08T15:15:18.000Z",
|
|
"pattern": "[url:value = 'http://kamaks.ba/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b407-01d0-40b3-8dce-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:19.000Z",
|
|
"modified": "2017-09-08T15:15:19.000Z",
|
|
"pattern": "[domain-name:value = 'kamaks.ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b407-88f8-4b9b-a51a-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:19.000Z",
|
|
"modified": "2017-09-08T15:15:19.000Z",
|
|
"first_observed": "2017-09-08T15:15:19Z",
|
|
"last_observed": "2017-09-08T15:15:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b407-88f8-4b9b-a51a-7d59950d210f",
|
|
"ipv4-addr--59b2b407-88f8-4b9b-a51a-7d59950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b407-88f8-4b9b-a51a-7d59950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b407-88f8-4b9b-a51a-7d59950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b407-88f8-4b9b-a51a-7d59950d210f",
|
|
"value": "80.65.162.150"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b407-5c78-4281-9f8e-4d06950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:19.000Z",
|
|
"modified": "2017-09-08T15:15:19.000Z",
|
|
"pattern": "[url:value = 'http://marcomendez.es/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b408-8c2c-4bc8-912d-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:20.000Z",
|
|
"modified": "2017-09-08T15:15:20.000Z",
|
|
"pattern": "[domain-name:value = 'marcomendez.es']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b408-3f14-441c-b7eb-4bc9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:20.000Z",
|
|
"modified": "2017-09-08T15:15:20.000Z",
|
|
"first_observed": "2017-09-08T15:15:20Z",
|
|
"last_observed": "2017-09-08T15:15:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b408-3f14-441c-b7eb-4bc9950d210f",
|
|
"ipv4-addr--59b2b408-3f14-441c-b7eb-4bc9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b408-3f14-441c-b7eb-4bc9950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b408-3f14-441c-b7eb-4bc9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b408-3f14-441c-b7eb-4bc9950d210f",
|
|
"value": "86.109.170.198"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b408-dcf4-4b39-9b8e-4286950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:20.000Z",
|
|
"modified": "2017-09-08T15:15:20.000Z",
|
|
"pattern": "[url:value = 'http://melting-potes.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b408-f888-4089-833f-48a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:20.000Z",
|
|
"modified": "2017-09-08T15:15:20.000Z",
|
|
"pattern": "[domain-name:value = 'melting-potes.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b409-d6e4-489a-a75c-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:21.000Z",
|
|
"modified": "2017-09-08T15:15:21.000Z",
|
|
"first_observed": "2017-09-08T15:15:21Z",
|
|
"last_observed": "2017-09-08T15:15:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b409-d6e4-489a-a75c-2df1950d210f",
|
|
"ipv4-addr--59b2b409-d6e4-489a-a75c-2df1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b409-d6e4-489a-a75c-2df1950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b409-d6e4-489a-a75c-2df1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b409-d6e4-489a-a75c-2df1950d210f",
|
|
"value": "87.98.167.154"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b409-c448-4e75-85ad-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:21.000Z",
|
|
"modified": "2017-09-08T15:15:21.000Z",
|
|
"pattern": "[url:value = 'http://moviesandmysteries.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b409-4770-4347-99f7-492c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:21.000Z",
|
|
"modified": "2017-09-08T15:15:21.000Z",
|
|
"pattern": "[domain-name:value = 'moviesandmysteries.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b409-d15c-40e4-8671-41bc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:21.000Z",
|
|
"modified": "2017-09-08T15:15:21.000Z",
|
|
"first_observed": "2017-09-08T15:15:21Z",
|
|
"last_observed": "2017-09-08T15:15:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b409-d15c-40e4-8671-41bc950d210f",
|
|
"ipv4-addr--59b2b409-d15c-40e4-8671-41bc950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b409-d15c-40e4-8671-41bc950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b409-d15c-40e4-8671-41bc950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b409-d15c-40e4-8671-41bc950d210f",
|
|
"value": "213.208.134.236"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40a-c1b4-4a91-a0b2-4129950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:22.000Z",
|
|
"modified": "2017-09-08T15:15:22.000Z",
|
|
"pattern": "[url:value = 'http://mtblanc-let.co.uk/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40a-c758-40fb-99dd-4d47950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:22.000Z",
|
|
"modified": "2017-09-08T15:15:22.000Z",
|
|
"pattern": "[domain-name:value = 'mtblanc-let.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b40a-c994-44fb-b7a5-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:22.000Z",
|
|
"modified": "2017-09-08T15:15:22.000Z",
|
|
"first_observed": "2017-09-08T15:15:22Z",
|
|
"last_observed": "2017-09-08T15:15:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b40a-c994-44fb-b7a5-7f0b950d210f",
|
|
"ipv4-addr--59b2b40a-c994-44fb-b7a5-7f0b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b40a-c994-44fb-b7a5-7f0b950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b40a-c994-44fb-b7a5-7f0b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b40a-c994-44fb-b7a5-7f0b950d210f",
|
|
"value": "217.199.175.27"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40a-e9a0-4539-a177-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:22.000Z",
|
|
"modified": "2017-09-08T15:15:22.000Z",
|
|
"pattern": "[url:value = 'http://patrickreeves.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40a-cbd0-4ca8-bdef-4ec1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:22.000Z",
|
|
"modified": "2017-09-08T15:15:22.000Z",
|
|
"pattern": "[domain-name:value = 'patrickreeves.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b40b-3288-4935-a333-42f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:23.000Z",
|
|
"modified": "2017-09-08T15:15:23.000Z",
|
|
"first_observed": "2017-09-08T15:15:23Z",
|
|
"last_observed": "2017-09-08T15:15:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b40b-3288-4935-a333-42f7950d210f",
|
|
"ipv4-addr--59b2b40b-3288-4935-a333-42f7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b40b-3288-4935-a333-42f7950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b40b-3288-4935-a333-42f7950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b40b-3288-4935-a333-42f7950d210f",
|
|
"value": "208.79.200.8"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40b-9ab4-436b-b39f-4227950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:23.000Z",
|
|
"modified": "2017-09-08T15:15:23.000Z",
|
|
"pattern": "[url:value = 'http://plumanns.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40b-4fe4-4cb4-8fcc-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:23.000Z",
|
|
"modified": "2017-09-08T15:15:23.000Z",
|
|
"pattern": "[domain-name:value = 'plumanns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b40c-5f78-4eed-a259-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:24.000Z",
|
|
"modified": "2017-09-08T15:15:24.000Z",
|
|
"first_observed": "2017-09-08T15:15:24Z",
|
|
"last_observed": "2017-09-08T15:15:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b40c-5f78-4eed-a259-7e8e950d210f",
|
|
"ipv4-addr--59b2b40c-5f78-4eed-a259-7e8e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b40c-5f78-4eed-a259-7e8e950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b40c-5f78-4eed-a259-7e8e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b40c-5f78-4eed-a259-7e8e950d210f",
|
|
"value": "217.160.224.147"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40c-25c0-44a3-9df4-46b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:24.000Z",
|
|
"modified": "2017-09-08T15:15:24.000Z",
|
|
"pattern": "[url:value = 'http://potamitis.gr/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40c-1f14-46c7-84f4-4485950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:24.000Z",
|
|
"modified": "2017-09-08T15:15:24.000Z",
|
|
"pattern": "[domain-name:value = 'potamitis.gr']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b40c-ddd0-49e0-ab85-47b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:24.000Z",
|
|
"modified": "2017-09-08T15:15:24.000Z",
|
|
"first_observed": "2017-09-08T15:15:24Z",
|
|
"last_observed": "2017-09-08T15:15:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b40c-ddd0-49e0-ab85-47b2950d210f",
|
|
"ipv4-addr--59b2b40c-ddd0-49e0-ab85-47b2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b40c-ddd0-49e0-ab85-47b2950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b40c-ddd0-49e0-ab85-47b2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b40c-ddd0-49e0-ab85-47b2950d210f",
|
|
"value": "62.103.152.100"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40d-3f1c-4edc-8086-4bb1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:25.000Z",
|
|
"modified": "2017-09-08T15:15:25.000Z",
|
|
"pattern": "[url:value = 'http://praxis.ae/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40d-20e8-481e-9891-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:25.000Z",
|
|
"modified": "2017-09-08T15:15:25.000Z",
|
|
"pattern": "[domain-name:value = 'praxis.ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b40d-68bc-48a5-b0d9-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:25.000Z",
|
|
"modified": "2017-09-08T15:15:25.000Z",
|
|
"first_observed": "2017-09-08T15:15:25Z",
|
|
"last_observed": "2017-09-08T15:15:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b40d-68bc-48a5-b0d9-7d59950d210f",
|
|
"ipv4-addr--59b2b40d-68bc-48a5-b0d9-7d59950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b40d-68bc-48a5-b0d9-7d59950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b40d-68bc-48a5-b0d9-7d59950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b40d-68bc-48a5-b0d9-7d59950d210f",
|
|
"value": "109.203.118.45"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40d-b9cc-4a5b-9336-4007950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:25.000Z",
|
|
"modified": "2017-09-08T15:15:25.000Z",
|
|
"pattern": "[url:value = 'http://rampagida.com.tr/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40e-2f74-4195-8960-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:26.000Z",
|
|
"modified": "2017-09-08T15:15:26.000Z",
|
|
"pattern": "[domain-name:value = 'rampagida.com.tr']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b40e-38a8-440c-b9b3-4e12950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:26.000Z",
|
|
"modified": "2017-09-08T15:15:26.000Z",
|
|
"first_observed": "2017-09-08T15:15:26Z",
|
|
"last_observed": "2017-09-08T15:15:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b40e-38a8-440c-b9b3-4e12950d210f",
|
|
"ipv4-addr--59b2b40e-38a8-440c-b9b3-4e12950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b40e-38a8-440c-b9b3-4e12950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b40e-38a8-440c-b9b3-4e12950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b40e-38a8-440c-b9b3-4e12950d210f",
|
|
"value": "94.103.38.182"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40e-35ac-44eb-b49d-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:26.000Z",
|
|
"modified": "2017-09-08T15:15:26.000Z",
|
|
"pattern": "[url:value = 'http://richarddrakeconstruction.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40f-5bd4-4bb6-b530-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:27.000Z",
|
|
"modified": "2017-09-08T15:15:27.000Z",
|
|
"pattern": "[domain-name:value = 'richarddrakeconstruction.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b40f-6ed4-4273-b83f-4e96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:27.000Z",
|
|
"modified": "2017-09-08T15:15:27.000Z",
|
|
"first_observed": "2017-09-08T15:15:27Z",
|
|
"last_observed": "2017-09-08T15:15:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b40f-6ed4-4273-b83f-4e96950d210f",
|
|
"ipv4-addr--59b2b40f-6ed4-4273-b83f-4e96950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b40f-6ed4-4273-b83f-4e96950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b40f-6ed4-4273-b83f-4e96950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b40f-6ed4-4273-b83f-4e96950d210f",
|
|
"value": "66.36.163.192"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40f-be94-4116-baaa-4c04950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:27.000Z",
|
|
"modified": "2017-09-08T15:15:27.000Z",
|
|
"pattern": "[url:value = 'http://saunaesofmansatis.net/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b40f-30c0-42f7-8afa-4602950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:27.000Z",
|
|
"modified": "2017-09-08T15:15:27.000Z",
|
|
"pattern": "[domain-name:value = 'saunaesofmansatis.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b410-d600-4d3b-a74c-450d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:28.000Z",
|
|
"modified": "2017-09-08T15:15:28.000Z",
|
|
"first_observed": "2017-09-08T15:15:28Z",
|
|
"last_observed": "2017-09-08T15:15:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b410-d600-4d3b-a74c-450d950d210f",
|
|
"ipv4-addr--59b2b410-d600-4d3b-a74c-450d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b410-d600-4d3b-a74c-450d950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b410-d600-4d3b-a74c-450d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b410-d600-4d3b-a74c-450d950d210f",
|
|
"value": "185.12.110.147"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b410-5bcc-405d-904d-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:28.000Z",
|
|
"modified": "2017-09-08T15:15:28.000Z",
|
|
"pattern": "[url:value = 'http://tasgetiren.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b410-c7e4-4a59-879e-4c62950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:28.000Z",
|
|
"modified": "2017-09-08T15:15:28.000Z",
|
|
"pattern": "[domain-name:value = 'tasgetiren.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b411-4a5c-42a1-92ac-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:29.000Z",
|
|
"modified": "2017-09-08T15:15:29.000Z",
|
|
"first_observed": "2017-09-08T15:15:29Z",
|
|
"last_observed": "2017-09-08T15:15:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b411-4a5c-42a1-92ac-7c5a950d210f",
|
|
"ipv4-addr--59b2b411-4a5c-42a1-92ac-7c5a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b411-4a5c-42a1-92ac-7c5a950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b411-4a5c-42a1-92ac-7c5a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b411-4a5c-42a1-92ac-7c5a950d210f",
|
|
"value": "188.132.180.113"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b411-776c-45c7-8c61-41ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:29.000Z",
|
|
"modified": "2017-09-08T15:15:29.000Z",
|
|
"pattern": "[url:value = 'http://telesolutionsconsultants.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b411-f6e4-4b57-9725-4b74950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:29.000Z",
|
|
"modified": "2017-09-08T15:15:29.000Z",
|
|
"pattern": "[domain-name:value = 'telesolutionsconsultants.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b412-5304-4ddd-99c1-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:30.000Z",
|
|
"modified": "2017-09-08T15:15:30.000Z",
|
|
"pattern": "[url:value = 'http://terae-lumiere.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b412-8b5c-4545-8046-4924950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:30.000Z",
|
|
"modified": "2017-09-08T15:15:30.000Z",
|
|
"pattern": "[domain-name:value = 'terae-lumiere.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b413-5744-4201-ad26-4d9a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:31.000Z",
|
|
"modified": "2017-09-08T15:15:31.000Z",
|
|
"first_observed": "2017-09-08T15:15:31Z",
|
|
"last_observed": "2017-09-08T15:15:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b413-5744-4201-ad26-4d9a950d210f",
|
|
"ipv4-addr--59b2b413-5744-4201-ad26-4d9a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b413-5744-4201-ad26-4d9a950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b413-5744-4201-ad26-4d9a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b413-5744-4201-ad26-4d9a950d210f",
|
|
"value": "211.125.122.53"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b413-3fe8-468e-a34e-4ef6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:31.000Z",
|
|
"modified": "2017-09-08T15:15:31.000Z",
|
|
"pattern": "[url:value = 'http://uvitacr.com/message.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b413-4ac4-42b4-9137-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:31.000Z",
|
|
"modified": "2017-09-08T15:15:31.000Z",
|
|
"pattern": "[domain-name:value = 'uvitacr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b414-c0c8-49dd-b6e2-40a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:32.000Z",
|
|
"modified": "2017-09-08T15:15:32.000Z",
|
|
"first_observed": "2017-09-08T15:15:32Z",
|
|
"last_observed": "2017-09-08T15:15:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b414-c0c8-49dd-b6e2-40a2950d210f",
|
|
"ipv4-addr--59b2b414-c0c8-49dd-b6e2-40a2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b414-c0c8-49dd-b6e2-40a2950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b414-c0c8-49dd-b6e2-40a2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b414-c0c8-49dd-b6e2-40a2950d210f",
|
|
"value": "64.6.254.237"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b414-8a60-4677-9b81-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:32.000Z",
|
|
"modified": "2017-09-08T15:15:32.000Z",
|
|
"pattern": "[url:value = 'http://ndsiportal.info/msg.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b415-5d24-45ce-a92d-4bd1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:33.000Z",
|
|
"modified": "2017-09-08T15:15:33.000Z",
|
|
"pattern": "[domain-name:value = 'ndsiportal.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b415-0b5c-4a36-b455-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:33.000Z",
|
|
"modified": "2017-09-08T15:15:33.000Z",
|
|
"pattern": "[url:value = 'http://paulcruse.com/jnxuqah.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b415-a66c-42c5-96de-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:33.000Z",
|
|
"modified": "2017-09-08T15:15:33.000Z",
|
|
"pattern": "[domain-name:value = 'paulcruse.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b416-ec88-4593-92f0-42e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:34.000Z",
|
|
"modified": "2017-09-08T15:15:34.000Z",
|
|
"first_observed": "2017-09-08T15:15:34Z",
|
|
"last_observed": "2017-09-08T15:15:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b416-ec88-4593-92f0-42e4950d210f",
|
|
"ipv4-addr--59b2b416-ec88-4593-92f0-42e4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b416-ec88-4593-92f0-42e4950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b416-ec88-4593-92f0-42e4950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b416-ec88-4593-92f0-42e4950d210f",
|
|
"value": "91.215.186.147"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b416-9c28-4b02-9dfe-4212950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:34.000Z",
|
|
"modified": "2017-09-08T15:15:34.000Z",
|
|
"pattern": "[url:value = 'http://lpdata.com/qteglbq.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b416-c7e4-4ff8-b024-465b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:34.000Z",
|
|
"modified": "2017-09-08T15:15:34.000Z",
|
|
"pattern": "[domain-name:value = 'lpdata.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b416-b984-4f9f-80c4-46d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:34.000Z",
|
|
"modified": "2017-09-08T15:15:34.000Z",
|
|
"first_observed": "2017-09-08T15:15:34Z",
|
|
"last_observed": "2017-09-08T15:15:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b416-b984-4f9f-80c4-46d5950d210f",
|
|
"ipv4-addr--59b2b416-b984-4f9f-80c4-46d5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b416-b984-4f9f-80c4-46d5950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b416-b984-4f9f-80c4-46d5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b416-b984-4f9f-80c4-46d5950d210f",
|
|
"value": "213.180.70.213"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b417-6d1c-4581-968e-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:35.000Z",
|
|
"modified": "2017-09-08T15:15:35.000Z",
|
|
"pattern": "[url:value = 'http://gclubrace.info/p66/gfykjh.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b417-c454-48aa-b164-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:35.000Z",
|
|
"modified": "2017-09-08T15:15:35.000Z",
|
|
"pattern": "[domain-name:value = 'gclubrace.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b417-7cb4-43f0-9da2-41cf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:35.000Z",
|
|
"modified": "2017-09-08T15:15:35.000Z",
|
|
"pattern": "[url:value = 'http://karakascit.com/kdivrdr.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b417-ccb4-4b40-a259-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:35.000Z",
|
|
"modified": "2017-09-08T15:15:35.000Z",
|
|
"pattern": "[domain-name:value = 'karakascit.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b418-e4d4-4f4f-b5e6-4651950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:36.000Z",
|
|
"modified": "2017-09-08T15:15:36.000Z",
|
|
"first_observed": "2017-09-08T15:15:36Z",
|
|
"last_observed": "2017-09-08T15:15:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b418-e4d4-4f4f-b5e6-4651950d210f",
|
|
"ipv4-addr--59b2b418-e4d4-4f4f-b5e6-4651950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b418-e4d4-4f4f-b5e6-4651950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b418-e4d4-4f4f-b5e6-4651950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b418-e4d4-4f4f-b5e6-4651950d210f",
|
|
"value": "185.12.111.126"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b418-ee80-4902-a189-2df1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:36.000Z",
|
|
"modified": "2017-09-08T15:15:36.000Z",
|
|
"first_observed": "2017-09-08T15:15:36Z",
|
|
"last_observed": "2017-09-08T15:15:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b2b418-ee80-4902-a189-2df1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b2b418-ee80-4902-a189-2df1950d210f",
|
|
"value": "http://91.230.211.76/imageload.cgi"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b418-9d5c-4ea9-8357-7dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:36.000Z",
|
|
"modified": "2017-09-08T15:15:36.000Z",
|
|
"first_observed": "2017-09-08T15:15:36Z",
|
|
"last_observed": "2017-09-08T15:15:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b418-9d5c-4ea9-8357-7dfc950d210f",
|
|
"ipv4-addr--59b2b418-9d5c-4ea9-8357-7dfc950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b418-9d5c-4ea9-8357-7dfc950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b418-9d5c-4ea9-8357-7dfc950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b418-9d5c-4ea9-8357-7dfc950d210f",
|
|
"value": "91.230.211.76"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b418-94f0-4d51-b460-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:36.000Z",
|
|
"modified": "2017-09-08T15:15:36.000Z",
|
|
"first_observed": "2017-09-08T15:15:36Z",
|
|
"last_observed": "2017-09-08T15:15:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b2b418-94f0-4d51-b460-7e8e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b2b418-94f0-4d51-b460-7e8e950d210f",
|
|
"value": "http://193.233.60.199/imageload.cgi"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b419-f0d0-4e52-b39c-4827950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:37.000Z",
|
|
"modified": "2017-09-08T15:15:37.000Z",
|
|
"first_observed": "2017-09-08T15:15:37Z",
|
|
"last_observed": "2017-09-08T15:15:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b419-f0d0-4e52-b39c-4827950d210f",
|
|
"ipv4-addr--59b2b419-f0d0-4e52-b39c-4827950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b419-f0d0-4e52-b39c-4827950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b419-f0d0-4e52-b39c-4827950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b419-f0d0-4e52-b39c-4827950d210f",
|
|
"value": "193.233.60.199"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b419-690c-43ee-8ea7-457e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:37.000Z",
|
|
"modified": "2017-09-08T15:15:37.000Z",
|
|
"first_observed": "2017-09-08T15:15:37Z",
|
|
"last_observed": "2017-09-08T15:15:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b2b419-690c-43ee-8ea7-457e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b2b419-690c-43ee-8ea7-457e950d210f",
|
|
"value": "http://91.247.37.137/imageload.cgi"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b2b419-ba38-4c77-8e8b-4fe9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:37.000Z",
|
|
"modified": "2017-09-08T15:15:37.000Z",
|
|
"first_observed": "2017-09-08T15:15:37Z",
|
|
"last_observed": "2017-09-08T15:15:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b2b419-ba38-4c77-8e8b-4fe9950d210f",
|
|
"ipv4-addr--59b2b419-ba38-4c77-8e8b-4fe9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b2b419-ba38-4c77-8e8b-4fe9950d210f",
|
|
"dst_ref": "ipv4-addr--59b2b419-ba38-4c77-8e8b-4fe9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b2b419-ba38-4c77-8e8b-4fe9950d210f",
|
|
"value": "91.247.37.137"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41a-6b34-4041-b91f-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:38.000Z",
|
|
"modified": "2017-09-08T15:15:38.000Z",
|
|
"pattern": "[url:value = 'http://ggnsugrbvqsctbvp.xyz/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41a-3a58-428c-b1bb-7d59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:38.000Z",
|
|
"modified": "2017-09-08T15:15:38.000Z",
|
|
"pattern": "[domain-name:value = 'ggnsugrbvqsctbvp.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41a-7ba8-460e-9e50-4398950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:38.000Z",
|
|
"modified": "2017-09-08T15:15:38.000Z",
|
|
"pattern": "[url:value = 'http://ftjidnqtrkwiky.pl/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41a-a8ac-48e5-8cb1-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:38.000Z",
|
|
"modified": "2017-09-08T15:15:38.000Z",
|
|
"pattern": "[domain-name:value = 'ftjidnqtrkwiky.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41a-3b90-46a5-8e22-43f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:38.000Z",
|
|
"modified": "2017-09-08T15:15:38.000Z",
|
|
"pattern": "[url:value = 'http://eajiongaudlluhkb.pl/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41b-04d8-4023-966d-47e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:39.000Z",
|
|
"modified": "2017-09-08T15:15:39.000Z",
|
|
"pattern": "[domain-name:value = 'eajiongaudlluhkb.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41b-667c-40bc-85ef-4a98950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:39.000Z",
|
|
"modified": "2017-09-08T15:15:39.000Z",
|
|
"pattern": "[url:value = 'http://xxbgblqhxrjrqlnns.pl/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41b-8e70-4aaa-b6eb-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:39.000Z",
|
|
"modified": "2017-09-08T15:15:39.000Z",
|
|
"pattern": "[domain-name:value = 'xxbgblqhxrjrqlnns.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41b-94ac-4770-bca1-49dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:39.000Z",
|
|
"modified": "2017-09-08T15:15:39.000Z",
|
|
"pattern": "[url:value = 'http://ekgetvwh.pl/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41c-a6d0-464f-82b4-463c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:40.000Z",
|
|
"modified": "2017-09-08T15:15:40.000Z",
|
|
"pattern": "[domain-name:value = 'ekgetvwh.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41c-db50-488a-83af-400d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:40.000Z",
|
|
"modified": "2017-09-08T15:15:40.000Z",
|
|
"pattern": "[url:value = 'http://lkjhcsqmhixsdprwr.su/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41c-d82c-4190-9758-472b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:40.000Z",
|
|
"modified": "2017-09-08T15:15:40.000Z",
|
|
"pattern": "[domain-name:value = 'lkjhcsqmhixsdprwr.su']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41c-b5bc-488a-8091-4d82950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:40.000Z",
|
|
"modified": "2017-09-08T15:15:40.000Z",
|
|
"pattern": "[url:value = 'http://trgqoebfdyuaclh.info/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41d-6878-4699-a4be-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:41.000Z",
|
|
"modified": "2017-09-08T15:15:41.000Z",
|
|
"pattern": "[domain-name:value = 'trgqoebfdyuaclh.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41d-b104-4f97-a8c4-7c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:41.000Z",
|
|
"modified": "2017-09-08T15:15:41.000Z",
|
|
"pattern": "[url:value = 'http://qlkqntykkr.ru/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41d-23ac-4d68-986c-4fd4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:41.000Z",
|
|
"modified": "2017-09-08T15:15:41.000Z",
|
|
"pattern": "[domain-name:value = 'qlkqntykkr.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41e-b5f0-41be-9c7d-446c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:42.000Z",
|
|
"modified": "2017-09-08T15:15:42.000Z",
|
|
"pattern": "[url:value = 'http://tcjrsqduhpswxme.xyz/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41e-7020-4962-9509-7959950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:42.000Z",
|
|
"modified": "2017-09-08T15:15:42.000Z",
|
|
"pattern": "[domain-name:value = 'tcjrsqduhpswxme.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41e-2f6c-4fd9-8405-7e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:42.000Z",
|
|
"modified": "2017-09-08T15:15:42.000Z",
|
|
"pattern": "[url:value = 'http://ulmumqxei.ru/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41e-8c9c-4d05-9c05-42e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:42.000Z",
|
|
"modified": "2017-09-08T15:15:42.000Z",
|
|
"pattern": "[domain-name:value = 'ulmumqxei.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41f-7edc-4a51-a9fe-46bc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:43.000Z",
|
|
"modified": "2017-09-08T15:15:43.000Z",
|
|
"pattern": "[url:value = 'http://hbcbtnbvl.info/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41f-7890-4dcb-8146-7920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:43.000Z",
|
|
"modified": "2017-09-08T15:15:43.000Z",
|
|
"pattern": "[domain-name:value = 'hbcbtnbvl.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b41f-1574-48be-b68a-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:43.000Z",
|
|
"modified": "2017-09-08T15:15:43.000Z",
|
|
"pattern": "[url:value = 'http://ujspkiik.click/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b2b420-8478-41f8-9707-4670950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-08T15:15:44.000Z",
|
|
"modified": "2017-09-08T15:15:44.000Z",
|
|
"pattern": "[domain-name:value = 'ujspkiik.click']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-08T15:15:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |