{
|
|
"type": "bundle",
|
|
"id": "bundle--59f07791-b430-4a85-97c8-452d950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:29.000Z",
|
|
"modified": "2017-10-25T12:28:29.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--59f07791-b430-4a85-97c8-452d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:29.000Z",
|
|
"modified": "2017-10-25T12:28:29.000Z",
|
|
"name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-25\n : \"Invoice AZ123456\" - \"AZ123456.doc\"",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"indicator--59f07792-fe9c-4c9f-b4e9-4b6c950d210f",
|
|
"indicator--59f07792-3a08-4ee0-ac9f-42cf950d210f",
|
|
"indicator--59f07792-bf10-498b-9298-4111950d210f",
|
|
"indicator--59f07792-c3e0-44ae-a70d-44aa950d210f",
|
|
"indicator--59f07793-a2cc-49df-97cd-414d950d210f",
|
|
"observed-data--59f07794-1b28-4646-a73d-4009950d210f",
|
|
"network-traffic--59f07794-1b28-4646-a73d-4009950d210f",
|
|
"ipv4-addr--59f07794-1b28-4646-a73d-4009950d210f",
|
|
"indicator--59f07794-f1c4-4743-961d-21ef950d210f",
|
|
"indicator--59f07795-e734-4ac7-904d-45b7950d210f",
|
|
"observed-data--59f07795-ceac-4673-ab11-4651950d210f",
|
|
"network-traffic--59f07795-ceac-4673-ab11-4651950d210f",
|
|
"ipv4-addr--59f07795-ceac-4673-ab11-4651950d210f",
|
|
"indicator--59f07795-61b8-4cb8-bd1b-43fd950d210f",
|
|
"indicator--59f07795-9c00-4d70-a466-42be950d210f",
|
|
"observed-data--59f07796-110c-4703-aafc-48a5950d210f",
|
|
"network-traffic--59f07796-110c-4703-aafc-48a5950d210f",
|
|
"ipv4-addr--59f07796-110c-4703-aafc-48a5950d210f",
|
|
"indicator--59f07796-0364-45d4-b527-2380950d210f",
|
|
"indicator--59f07796-b748-4325-bb69-2277950d210f",
|
|
"observed-data--59f07797-ad10-424a-8413-2177950d210f",
|
|
"network-traffic--59f07797-ad10-424a-8413-2177950d210f",
|
|
"ipv4-addr--59f07797-ad10-424a-8413-2177950d210f",
|
|
"indicator--59f07797-cfe8-4cbd-907e-45bf950d210f",
|
|
"indicator--59f07797-b770-4afb-b7f9-498e950d210f",
|
|
"observed-data--59f07798-45fc-4a4c-ba9c-46cc950d210f",
|
|
"network-traffic--59f07798-45fc-4a4c-ba9c-46cc950d210f",
|
|
"ipv4-addr--59f07798-45fc-4a4c-ba9c-46cc950d210f",
|
|
"indicator--59f07798-8018-4aa7-b1a1-2183950d210f",
|
|
"indicator--59f07798-fcd0-402f-8a56-4bfc950d210f",
|
|
"observed-data--59f07798-67ec-48f8-b2cd-4595950d210f",
|
|
"network-traffic--59f07798-67ec-48f8-b2cd-4595950d210f",
|
|
"ipv4-addr--59f07798-67ec-48f8-b2cd-4595950d210f",
|
|
"indicator--59f07799-9b98-41d1-8854-2367950d210f",
|
|
"indicator--59f07799-48fc-44c1-9cd9-4eee950d210f",
|
|
"observed-data--59f0779a-bdfc-4ac1-8a17-2177950d210f",
|
|
"network-traffic--59f0779a-bdfc-4ac1-8a17-2177950d210f",
|
|
"ipv4-addr--59f0779a-bdfc-4ac1-8a17-2177950d210f",
|
|
"indicator--59f0779a-90fc-4b14-99e9-21ef950d210f",
|
|
"indicator--59f0779a-269c-4f5e-98c9-462d950d210f",
|
|
"observed-data--59f0779b-f988-4beb-945d-45b7950d210f",
|
|
"network-traffic--59f0779b-f988-4beb-945d-45b7950d210f",
|
|
"ipv4-addr--59f0779b-f988-4beb-945d-45b7950d210f",
|
|
"indicator--59f0779c-46cc-4750-b97d-46a1950d210f",
|
|
"indicator--59f0779c-0c18-42c8-bc72-4a3c950d210f",
|
|
"observed-data--59f0779c-5870-4275-809e-2380950d210f",
|
|
"network-traffic--59f0779c-5870-4275-809e-2380950d210f",
|
|
"ipv4-addr--59f0779c-5870-4275-809e-2380950d210f",
|
|
"indicator--59f0779c-35c8-4180-af3e-4a67950d210f",
|
|
"indicator--59f0779d-6158-4b65-9d71-4b8c950d210f",
|
|
"observed-data--59f0779d-afa0-4947-afb7-21ef950d210f",
|
|
"network-traffic--59f0779d-afa0-4947-afb7-21ef950d210f",
|
|
"ipv4-addr--59f0779d-afa0-4947-afb7-21ef950d210f",
|
|
"observed-data--59f0779d-d8b4-43a2-808b-4917950d210f",
|
|
"network-traffic--59f0779d-d8b4-43a2-808b-4917950d210f",
|
|
"ipv4-addr--59f0779d-d8b4-43a2-808b-4917950d210f",
|
|
"observed-data--59f0779d-411c-452f-a3ca-4d27950d210f",
|
|
"network-traffic--59f0779d-411c-452f-a3ca-4d27950d210f",
|
|
"ipv4-addr--59f0779d-411c-452f-a3ca-4d27950d210f",
|
|
"observed-data--59f0779e-fc5c-4445-8582-2183950d210f",
|
|
"network-traffic--59f0779e-fc5c-4445-8582-2183950d210f",
|
|
"ipv4-addr--59f0779e-fc5c-4445-8582-2183950d210f",
|
|
"observed-data--59f0779e-c724-4c47-9401-4412950d210f",
|
|
"network-traffic--59f0779e-c724-4c47-9401-4412950d210f",
|
|
"ipv4-addr--59f0779e-c724-4c47-9401-4412950d210f",
|
|
"observed-data--59f0779e-b658-46f6-8e54-42ee950d210f",
|
|
"network-traffic--59f0779e-b658-46f6-8e54-42ee950d210f",
|
|
"ipv4-addr--59f0779e-b658-46f6-8e54-42ee950d210f",
|
|
"observed-data--59f0779e-0598-4578-95e6-40f8950d210f",
|
|
"network-traffic--59f0779e-0598-4578-95e6-40f8950d210f",
|
|
"ipv4-addr--59f0779e-0598-4578-95e6-40f8950d210f",
|
|
"observed-data--59f0779f-7eec-467b-b695-2380950d210f",
|
|
"network-traffic--59f0779f-7eec-467b-b695-2380950d210f",
|
|
"ipv4-addr--59f0779f-7eec-467b-b695-2380950d210f",
|
|
"observed-data--59f0779f-8760-45f1-9a38-4457950d210f",
|
|
"network-traffic--59f0779f-8760-45f1-9a38-4457950d210f",
|
|
"ipv4-addr--59f0779f-8760-45f1-9a38-4457950d210f",
|
|
"observed-data--59f0779f-0e88-4764-bd61-2177950d210f",
|
|
"network-traffic--59f0779f-0e88-4764-bd61-2177950d210f",
|
|
"ipv4-addr--59f0779f-0e88-4764-bd61-2177950d210f",
|
|
"observed-data--59f077a0-0b64-4c8a-842a-4bde950d210f",
|
|
"network-traffic--59f077a0-0b64-4c8a-842a-4bde950d210f",
|
|
"ipv4-addr--59f077a0-0b64-4c8a-842a-4bde950d210f",
|
|
"observed-data--59f077a0-66e0-46f7-a52a-4812950d210f",
|
|
"network-traffic--59f077a0-66e0-46f7-a52a-4812950d210f",
|
|
"ipv4-addr--59f077a0-66e0-46f7-a52a-4812950d210f",
|
|
"observed-data--59f077a0-16a0-4060-b7a2-4df0950d210f",
|
|
"network-traffic--59f077a0-16a0-4060-b7a2-4df0950d210f",
|
|
"ipv4-addr--59f077a0-16a0-4060-b7a2-4df0950d210f",
|
|
"observed-data--59f077a1-c0d8-4e2d-850e-2183950d210f",
|
|
"network-traffic--59f077a1-c0d8-4e2d-850e-2183950d210f",
|
|
"ipv4-addr--59f077a1-c0d8-4e2d-850e-2183950d210f",
|
|
"observed-data--59f077a1-d140-48eb-90df-42c2950d210f",
|
|
"network-traffic--59f077a1-d140-48eb-90df-42c2950d210f",
|
|
"ipv4-addr--59f077a1-d140-48eb-90df-42c2950d210f",
|
|
"observed-data--59f077a1-56a4-4fdc-83f4-4e8b950d210f",
|
|
"network-traffic--59f077a1-56a4-4fdc-83f4-4e8b950d210f",
|
|
"ipv4-addr--59f077a1-56a4-4fdc-83f4-4e8b950d210f",
|
|
"observed-data--59f077a2-65a0-4405-b1f6-2367950d210f",
|
|
"network-traffic--59f077a2-65a0-4405-b1f6-2367950d210f",
|
|
"ipv4-addr--59f077a2-65a0-4405-b1f6-2367950d210f",
|
|
"observed-data--59f077a2-64e8-47df-9409-4dd2950d210f",
|
|
"network-traffic--59f077a2-64e8-47df-9409-4dd2950d210f",
|
|
"ipv4-addr--59f077a2-64e8-47df-9409-4dd2950d210f",
|
|
"observed-data--59f077a2-3ca8-4cfb-b32a-2177950d210f",
|
|
"network-traffic--59f077a2-3ca8-4cfb-b32a-2177950d210f",
|
|
"ipv4-addr--59f077a2-3ca8-4cfb-b32a-2177950d210f",
|
|
"observed-data--59f077a3-7ca4-46f3-93d0-212d950d210f",
|
|
"network-traffic--59f077a3-7ca4-46f3-93d0-212d950d210f",
|
|
"ipv4-addr--59f077a3-7ca4-46f3-93d0-212d950d210f",
|
|
"observed-data--59f077a3-b014-4e2d-b0cd-4cb5950d210f",
|
|
"network-traffic--59f077a3-b014-4e2d-b0cd-4cb5950d210f",
|
|
"ipv4-addr--59f077a3-b014-4e2d-b0cd-4cb5950d210f",
|
|
"observed-data--59f077a3-ca40-492f-9714-404b950d210f",
|
|
"network-traffic--59f077a3-ca40-492f-9714-404b950d210f",
|
|
"ipv4-addr--59f077a3-ca40-492f-9714-404b950d210f",
|
|
"observed-data--59f077a3-1110-4102-86a6-2183950d210f",
|
|
"network-traffic--59f077a3-1110-4102-86a6-2183950d210f",
|
|
"ipv4-addr--59f077a3-1110-4102-86a6-2183950d210f",
|
|
"observed-data--59f077a4-1854-4870-9f57-48d8950d210f",
|
|
"network-traffic--59f077a4-1854-4870-9f57-48d8950d210f",
|
|
"ipv4-addr--59f077a4-1854-4870-9f57-48d8950d210f",
|
|
"observed-data--59f077a4-f2b8-4864-8e33-40ec950d210f",
|
|
"network-traffic--59f077a4-f2b8-4864-8e33-40ec950d210f",
|
|
"ipv4-addr--59f077a4-f2b8-4864-8e33-40ec950d210f",
|
|
"observed-data--59f077a5-774c-43af-96d2-2367950d210f",
|
|
"network-traffic--59f077a5-774c-43af-96d2-2367950d210f",
|
|
"ipv4-addr--59f077a5-774c-43af-96d2-2367950d210f",
|
|
"observed-data--59f077a5-9904-4130-b43f-2380950d210f",
|
|
"network-traffic--59f077a5-9904-4130-b43f-2380950d210f",
|
|
"ipv4-addr--59f077a5-9904-4130-b43f-2380950d210f",
|
|
"observed-data--59f077a5-0998-45ad-9756-4976950d210f",
|
|
"network-traffic--59f077a5-0998-45ad-9756-4976950d210f",
|
|
"ipv4-addr--59f077a5-0998-45ad-9756-4976950d210f",
|
|
"observed-data--59f077a5-47d4-4184-954e-21ef950d210f",
|
|
"network-traffic--59f077a5-47d4-4184-954e-21ef950d210f",
|
|
"ipv4-addr--59f077a5-47d4-4184-954e-21ef950d210f",
|
|
"observed-data--59f077a6-5340-4f7b-b7ab-4b44950d210f",
|
|
"network-traffic--59f077a6-5340-4f7b-b7ab-4b44950d210f",
|
|
"ipv4-addr--59f077a6-5340-4f7b-b7ab-4b44950d210f",
|
|
"indicator--59f08367-7b90-4718-a7c6-49f102de0b81",
|
|
"indicator--59f08367-dc14-4f94-a62d-440b02de0b81",
|
|
"observed-data--59f08367-a400-41cd-8271-4ad002de0b81",
|
|
"url--59f08367-a400-41cd-8271-4ad002de0b81",
|
|
"indicator--59f08367-e5f0-4952-957b-458d02de0b81",
|
|
"indicator--59f08367-e234-4f54-b04c-432502de0b81",
|
|
"observed-data--59f08367-b0f8-41a1-97bf-4b6f02de0b81",
|
|
"url--59f08367-b0f8-41a1-97bf-4b6f02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
"misp-galaxy:ransomware=\"Locky\"",
|
|
"misp-galaxy:tool=\"Trick Bot\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07792-fe9c-4c9f-b4e9-4b6c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2119cd6480863198437c021b8b3e6339']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07792-3a08-4ee0-ac9f-42cf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4bbfcc1fc86790fb51917c49ff35925c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07792-bf10-498b-9298-4111950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a500852b5e32a70d9f585884b23ab30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07792-c3e0-44ae-a70d-44aa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[url:value = 'http://cirad.or.id/JHGxte633']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07793-a2cc-49df-97cd-414d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[domain-name:value = 'cirad.or.id']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f07794-1b28-4646-a73d-4009950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"first_observed": "2017-10-25T12:28:22Z",
|
|
"last_observed": "2017-10-25T12:28:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f07794-1b28-4646-a73d-4009950d210f",
|
|
"ipv4-addr--59f07794-1b28-4646-a73d-4009950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f07794-1b28-4646-a73d-4009950d210f",
|
|
"dst_ref": "ipv4-addr--59f07794-1b28-4646-a73d-4009950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f07794-1b28-4646-a73d-4009950d210f",
|
|
"value": "202.145.0.45"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07794-f1c4-4743-961d-21ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[url:value = 'http://deroeckrecycling.nl/JHGxte633']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07795-e734-4ac7-904d-45b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[domain-name:value = 'deroeckrecycling.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f07795-ceac-4673-ab11-4651950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"first_observed": "2017-10-25T12:28:22Z",
|
|
"last_observed": "2017-10-25T12:28:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f07795-ceac-4673-ab11-4651950d210f",
|
|
"ipv4-addr--59f07795-ceac-4673-ab11-4651950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f07795-ceac-4673-ab11-4651950d210f",
|
|
"dst_ref": "ipv4-addr--59f07795-ceac-4673-ab11-4651950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f07795-ceac-4673-ab11-4651950d210f",
|
|
"value": "94.126.70.2"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07795-61b8-4cb8-bd1b-43fd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[url:value = 'http://dnhconsultores.com/JHGxte633']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07795-9c00-4d70-a466-42be950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[domain-name:value = 'dnhconsultores.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f07796-110c-4703-aafc-48a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"first_observed": "2017-10-25T12:28:22Z",
|
|
"last_observed": "2017-10-25T12:28:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f07796-110c-4703-aafc-48a5950d210f",
|
|
"ipv4-addr--59f07796-110c-4703-aafc-48a5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f07796-110c-4703-aafc-48a5950d210f",
|
|
"dst_ref": "ipv4-addr--59f07796-110c-4703-aafc-48a5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f07796-110c-4703-aafc-48a5950d210f",
|
|
"value": "212.227.138.50"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07796-0364-45d4-b527-2380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[url:value = 'http://clinicapaulocardozo.pt/cjiwgf87634']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07796-b748-4325-bb69-2277950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[domain-name:value = 'clinicapaulocardozo.pt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f07797-ad10-424a-8413-2177950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"first_observed": "2017-10-25T12:28:22Z",
|
|
"last_observed": "2017-10-25T12:28:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f07797-ad10-424a-8413-2177950d210f",
|
|
"ipv4-addr--59f07797-ad10-424a-8413-2177950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f07797-ad10-424a-8413-2177950d210f",
|
|
"dst_ref": "ipv4-addr--59f07797-ad10-424a-8413-2177950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f07797-ad10-424a-8413-2177950d210f",
|
|
"value": "80.172.241.42"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07797-cfe8-4cbd-907e-45bf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[url:value = 'http://comfortshow.net/cjiwgf87634']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07797-b770-4afb-b7f9-498e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[domain-name:value = 'comfortshow.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f07798-45fc-4a4c-ba9c-46cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"first_observed": "2017-10-25T12:28:22Z",
|
|
"last_observed": "2017-10-25T12:28:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f07798-45fc-4a4c-ba9c-46cc950d210f",
|
|
"ipv4-addr--59f07798-45fc-4a4c-ba9c-46cc950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f07798-45fc-4a4c-ba9c-46cc950d210f",
|
|
"dst_ref": "ipv4-addr--59f07798-45fc-4a4c-ba9c-46cc950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f07798-45fc-4a4c-ba9c-46cc950d210f",
|
|
"value": "185.58.7.116"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07798-8018-4aa7-b1a1-2183950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[url:value = 'http://colegiomayex.es/cjiwgf87634']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07798-fcd0-402f-8a56-4bfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[domain-name:value = 'colegiomayex.es']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f07798-67ec-48f8-b2cd-4595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"first_observed": "2017-10-25T12:28:22Z",
|
|
"last_observed": "2017-10-25T12:28:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f07798-67ec-48f8-b2cd-4595950d210f",
|
|
"ipv4-addr--59f07798-67ec-48f8-b2cd-4595950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f07798-67ec-48f8-b2cd-4595950d210f",
|
|
"dst_ref": "ipv4-addr--59f07798-67ec-48f8-b2cd-4595950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f07798-67ec-48f8-b2cd-4595950d210f",
|
|
"value": "86.109.162.92"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07799-9b98-41d1-8854-2367950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:22.000Z",
|
|
"modified": "2017-10-25T12:28:22.000Z",
|
|
"pattern": "[url:value = 'http://c2bychuchai.com/cjiwgf87634']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f07799-48fc-44c1-9cd9-4eee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"pattern": "[domain-name:value = 'c2bychuchai.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779a-bdfc-4ac1-8a17-2177950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779a-bdfc-4ac1-8a17-2177950d210f",
|
|
"ipv4-addr--59f0779a-bdfc-4ac1-8a17-2177950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779a-bdfc-4ac1-8a17-2177950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779a-bdfc-4ac1-8a17-2177950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779a-bdfc-4ac1-8a17-2177950d210f",
|
|
"value": "52.220.90.147"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f0779a-90fc-4b14-99e9-21ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"pattern": "[url:value = 'http://toundlefa.net/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f0779a-269c-4f5e-98c9-462d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"pattern": "[domain-name:value = 'toundlefa.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779b-f988-4beb-945d-45b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779b-f988-4beb-945d-45b7950d210f",
|
|
"ipv4-addr--59f0779b-f988-4beb-945d-45b7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779b-f988-4beb-945d-45b7950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779b-f988-4beb-945d-45b7950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779b-f988-4beb-945d-45b7950d210f",
|
|
"value": "34.236.147.16"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f0779c-46cc-4750-b97d-46a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"pattern": "[url:value = 'http://highlandfamily.org/JHui834.enc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f0779c-0c18-42c8-bc72-4a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"pattern": "[domain-name:value = 'highlandfamily.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779c-5870-4275-809e-2380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779c-5870-4275-809e-2380950d210f",
|
|
"ipv4-addr--59f0779c-5870-4275-809e-2380950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779c-5870-4275-809e-2380950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779c-5870-4275-809e-2380950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779c-5870-4275-809e-2380950d210f",
|
|
"value": "98.124.252.66"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f0779c-35c8-4180-af3e-4a67950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"pattern": "[url:value = 'http://givagarden.com/KJHg7643.enc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f0779d-6158-4b65-9d71-4b8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"pattern": "[domain-name:value = 'givagarden.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779d-afa0-4947-afb7-21ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779d-afa0-4947-afb7-21ef950d210f",
|
|
"ipv4-addr--59f0779d-afa0-4947-afb7-21ef950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779d-afa0-4947-afb7-21ef950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779d-afa0-4947-afb7-21ef950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779d-afa0-4947-afb7-21ef950d210f",
|
|
"value": "93.186.244.43"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779d-d8b4-43a2-808b-4917950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779d-d8b4-43a2-808b-4917950d210f",
|
|
"ipv4-addr--59f0779d-d8b4-43a2-808b-4917950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779d-d8b4-43a2-808b-4917950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779d-d8b4-43a2-808b-4917950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779d-d8b4-43a2-808b-4917950d210f",
|
|
"value": "176.120.126.21"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779d-411c-452f-a3ca-4d27950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779d-411c-452f-a3ca-4d27950d210f",
|
|
"ipv4-addr--59f0779d-411c-452f-a3ca-4d27950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779d-411c-452f-a3ca-4d27950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779d-411c-452f-a3ca-4d27950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779d-411c-452f-a3ca-4d27950d210f",
|
|
"value": "156.17.92.161"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779e-fc5c-4445-8582-2183950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779e-fc5c-4445-8582-2183950d210f",
|
|
"ipv4-addr--59f0779e-fc5c-4445-8582-2183950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779e-fc5c-4445-8582-2183950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779e-fc5c-4445-8582-2183950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779e-fc5c-4445-8582-2183950d210f",
|
|
"value": "178.254.183.34"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779e-c724-4c47-9401-4412950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779e-c724-4c47-9401-4412950d210f",
|
|
"ipv4-addr--59f0779e-c724-4c47-9401-4412950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779e-c724-4c47-9401-4412950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779e-c724-4c47-9401-4412950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779e-c724-4c47-9401-4412950d210f",
|
|
"value": "178.254.183.13"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779e-b658-46f6-8e54-42ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779e-b658-46f6-8e54-42ee950d210f",
|
|
"ipv4-addr--59f0779e-b658-46f6-8e54-42ee950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779e-b658-46f6-8e54-42ee950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779e-b658-46f6-8e54-42ee950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779e-b658-46f6-8e54-42ee950d210f",
|
|
"value": "94.251.188.225"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779e-0598-4578-95e6-40f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779e-0598-4578-95e6-40f8950d210f",
|
|
"ipv4-addr--59f0779e-0598-4578-95e6-40f8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779e-0598-4578-95e6-40f8950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779e-0598-4578-95e6-40f8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779e-0598-4578-95e6-40f8950d210f",
|
|
"value": "178.169.129.202"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779f-7eec-467b-b695-2380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779f-7eec-467b-b695-2380950d210f",
|
|
"ipv4-addr--59f0779f-7eec-467b-b695-2380950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779f-7eec-467b-b695-2380950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779f-7eec-467b-b695-2380950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779f-7eec-467b-b695-2380950d210f",
|
|
"value": "188.120.249.181"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779f-8760-45f1-9a38-4457950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779f-8760-45f1-9a38-4457950d210f",
|
|
"ipv4-addr--59f0779f-8760-45f1-9a38-4457950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779f-8760-45f1-9a38-4457950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779f-8760-45f1-9a38-4457950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779f-8760-45f1-9a38-4457950d210f",
|
|
"value": "62.109.9.121"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f0779f-0e88-4764-bd61-2177950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f0779f-0e88-4764-bd61-2177950d210f",
|
|
"ipv4-addr--59f0779f-0e88-4764-bd61-2177950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f0779f-0e88-4764-bd61-2177950d210f",
|
|
"dst_ref": "ipv4-addr--59f0779f-0e88-4764-bd61-2177950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f0779f-0e88-4764-bd61-2177950d210f",
|
|
"value": "185.34.52.193"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a0-0b64-4c8a-842a-4bde950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a0-0b64-4c8a-842a-4bde950d210f",
|
|
"ipv4-addr--59f077a0-0b64-4c8a-842a-4bde950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a0-0b64-4c8a-842a-4bde950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a0-0b64-4c8a-842a-4bde950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a0-0b64-4c8a-842a-4bde950d210f",
|
|
"value": "62.109.24.224"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a0-66e0-46f7-a52a-4812950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a0-66e0-46f7-a52a-4812950d210f",
|
|
"ipv4-addr--59f077a0-66e0-46f7-a52a-4812950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a0-66e0-46f7-a52a-4812950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a0-66e0-46f7-a52a-4812950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a0-66e0-46f7-a52a-4812950d210f",
|
|
"value": "82.146.59.195"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a0-16a0-4060-b7a2-4df0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a0-16a0-4060-b7a2-4df0950d210f",
|
|
"ipv4-addr--59f077a0-16a0-4060-b7a2-4df0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a0-16a0-4060-b7a2-4df0950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a0-16a0-4060-b7a2-4df0950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a0-16a0-4060-b7a2-4df0950d210f",
|
|
"value": "80.87.198.199"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a1-c0d8-4e2d-850e-2183950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a1-c0d8-4e2d-850e-2183950d210f",
|
|
"ipv4-addr--59f077a1-c0d8-4e2d-850e-2183950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a1-c0d8-4e2d-850e-2183950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a1-c0d8-4e2d-850e-2183950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a1-c0d8-4e2d-850e-2183950d210f",
|
|
"value": "62.109.26.77"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a1-d140-48eb-90df-42c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a1-d140-48eb-90df-42c2950d210f",
|
|
"ipv4-addr--59f077a1-d140-48eb-90df-42c2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a1-d140-48eb-90df-42c2950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a1-d140-48eb-90df-42c2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a1-d140-48eb-90df-42c2950d210f",
|
|
"value": "194.87.234.254"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a1-56a4-4fdc-83f4-4e8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a1-56a4-4fdc-83f4-4e8b950d210f",
|
|
"ipv4-addr--59f077a1-56a4-4fdc-83f4-4e8b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a1-56a4-4fdc-83f4-4e8b950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a1-56a4-4fdc-83f4-4e8b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a1-56a4-4fdc-83f4-4e8b950d210f",
|
|
"value": "194.87.236.14"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a2-65a0-4405-b1f6-2367950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a2-65a0-4405-b1f6-2367950d210f",
|
|
"ipv4-addr--59f077a2-65a0-4405-b1f6-2367950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a2-65a0-4405-b1f6-2367950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a2-65a0-4405-b1f6-2367950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a2-65a0-4405-b1f6-2367950d210f",
|
|
"value": "188.120.249.77"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a2-64e8-47df-9409-4dd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a2-64e8-47df-9409-4dd2950d210f",
|
|
"ipv4-addr--59f077a2-64e8-47df-9409-4dd2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a2-64e8-47df-9409-4dd2950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a2-64e8-47df-9409-4dd2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a2-64e8-47df-9409-4dd2950d210f",
|
|
"value": "188.120.249.119"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a2-3ca8-4cfb-b32a-2177950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a2-3ca8-4cfb-b32a-2177950d210f",
|
|
"ipv4-addr--59f077a2-3ca8-4cfb-b32a-2177950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a2-3ca8-4cfb-b32a-2177950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a2-3ca8-4cfb-b32a-2177950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a2-3ca8-4cfb-b32a-2177950d210f",
|
|
"value": "194.87.238.250"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a3-7ca4-46f3-93d0-212d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a3-7ca4-46f3-93d0-212d950d210f",
|
|
"ipv4-addr--59f077a3-7ca4-46f3-93d0-212d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a3-7ca4-46f3-93d0-212d950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a3-7ca4-46f3-93d0-212d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a3-7ca4-46f3-93d0-212d950d210f",
|
|
"value": "195.133.146.221"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a3-b014-4e2d-b0cd-4cb5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a3-b014-4e2d-b0cd-4cb5950d210f",
|
|
"ipv4-addr--59f077a3-b014-4e2d-b0cd-4cb5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a3-b014-4e2d-b0cd-4cb5950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a3-b014-4e2d-b0cd-4cb5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a3-b014-4e2d-b0cd-4cb5950d210f",
|
|
"value": "194.87.102.114"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a3-ca40-492f-9714-404b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a3-ca40-492f-9714-404b950d210f",
|
|
"ipv4-addr--59f077a3-ca40-492f-9714-404b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a3-ca40-492f-9714-404b950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a3-ca40-492f-9714-404b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a3-ca40-492f-9714-404b950d210f",
|
|
"value": "185.80.128.122"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a3-1110-4102-86a6-2183950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a3-1110-4102-86a6-2183950d210f",
|
|
"ipv4-addr--59f077a3-1110-4102-86a6-2183950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a3-1110-4102-86a6-2183950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a3-1110-4102-86a6-2183950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a3-1110-4102-86a6-2183950d210f",
|
|
"value": "188.120.249.190"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a4-1854-4870-9f57-48d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a4-1854-4870-9f57-48d8950d210f",
|
|
"ipv4-addr--59f077a4-1854-4870-9f57-48d8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a4-1854-4870-9f57-48d8950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a4-1854-4870-9f57-48d8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a4-1854-4870-9f57-48d8950d210f",
|
|
"value": "194.87.111.202"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a4-f2b8-4864-8e33-40ec950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a4-f2b8-4864-8e33-40ec950d210f",
|
|
"ipv4-addr--59f077a4-f2b8-4864-8e33-40ec950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a4-f2b8-4864-8e33-40ec950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a4-f2b8-4864-8e33-40ec950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a4-f2b8-4864-8e33-40ec950d210f",
|
|
"value": "185.125.46.104"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a5-774c-43af-96d2-2367950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a5-774c-43af-96d2-2367950d210f",
|
|
"ipv4-addr--59f077a5-774c-43af-96d2-2367950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a5-774c-43af-96d2-2367950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a5-774c-43af-96d2-2367950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a5-774c-43af-96d2-2367950d210f",
|
|
"value": "194.87.237.249"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a5-9904-4130-b43f-2380950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a5-9904-4130-b43f-2380950d210f",
|
|
"ipv4-addr--59f077a5-9904-4130-b43f-2380950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a5-9904-4130-b43f-2380950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a5-9904-4130-b43f-2380950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a5-9904-4130-b43f-2380950d210f",
|
|
"value": "62.109.29.243"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a5-0998-45ad-9756-4976950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a5-0998-45ad-9756-4976950d210f",
|
|
"ipv4-addr--59f077a5-0998-45ad-9756-4976950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a5-0998-45ad-9756-4976950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a5-0998-45ad-9756-4976950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a5-0998-45ad-9756-4976950d210f",
|
|
"value": "95.154.199.47"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a5-47d4-4184-954e-21ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a5-47d4-4184-954e-21ef950d210f",
|
|
"ipv4-addr--59f077a5-47d4-4184-954e-21ef950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a5-47d4-4184-954e-21ef950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a5-47d4-4184-954e-21ef950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a5-47d4-4184-954e-21ef950d210f",
|
|
"value": "62.109.17.145"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f077a6-5340-4f7b-b7ab-4b44950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59f077a6-5340-4f7b-b7ab-4b44950d210f",
|
|
"ipv4-addr--59f077a6-5340-4f7b-b7ab-4b44950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59f077a6-5340-4f7b-b7ab-4b44950d210f",
|
|
"dst_ref": "ipv4-addr--59f077a6-5340-4f7b-b7ab-4b44950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59f077a6-5340-4f7b-b7ab-4b44950d210f",
|
|
"value": "185.158.115.7"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f08367-7b90-4718-a7c6-49f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"description": "Cross-checked via VirusTotal (VT): 4bbfcc1fc86790fb51917c49ff35925c",
|
|
"pattern": "[file:hashes.SHA256 = '2a4a09ddbaeb53d09a633d3a29c46d661c1504542ff342d4044d56a8f823ad7e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f08367-dc14-4f94-a62d-440b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"description": "Cross-checked via VirusTotal (VT): 4bbfcc1fc86790fb51917c49ff35925c",
|
|
"pattern": "[file:hashes.SHA1 = 'ef3e48301e7b339b28ddc5436e4ec15b9726af82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f08367-a400-41cd-8271-4ad002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59f08367-a400-41cd-8271-4ad002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59f08367-a400-41cd-8271-4ad002de0b81",
|
|
"value": "https://www.virustotal.com/file/2a4a09ddbaeb53d09a633d3a29c46d661c1504542ff342d4044d56a8f823ad7e/analysis/1508932619/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f08367-e5f0-4952-957b-458d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"description": "Cross-checked via VirusTotal (VT): 2119cd6480863198437c021b8b3e6339",
|
|
"pattern": "[file:hashes.SHA256 = '798aa42748dcb1078824c2027cf6a0d151c14e945cb902382fcd9ae646bfa120']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59f08367-e234-4f54-b04c-432502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"description": "Cross-checked via VirusTotal (VT): 2119cd6480863198437c021b8b3e6339",
|
|
"pattern": "[file:hashes.SHA1 = '4356cedce0409b45348eda0c378783e7bf5ee781']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-25T12:28:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59f08367-b0f8-41a1-97bf-4b6f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-25T12:28:23.000Z",
|
|
"modified": "2017-10-25T12:28:23.000Z",
|
|
"first_observed": "2017-10-25T12:28:23Z",
|
|
"last_observed": "2017-10-25T12:28:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59f08367-b0f8-41a1-97bf-4b6f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59f08367-b0f8-41a1-97bf-4b6f02de0b81",
|
|
"value": "https://www.virustotal.com/file/798aa42748dcb1078824c2027cf6a0d151c14e945cb902382fcd9ae646bfa120/analysis/1508932972/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |