misp-circl-feed/feeds/circl/stix-2.1/5a26b77f-6250-4b25-bd53-4496950d210f.json


{
"type": "bundle",
"id": "bundle--5a26b77f-6250-4b25-bd53-4496950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-18T16:05:48.000Z",
"modified": "2018-01-18T16:05:48.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a26b77f-6250-4b25-bd53-4496950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-18T16:05:48.000Z",
"modified": "2018-01-18T16:05:48.000Z",
"name": "M2M - \"..doc\" 2017-12-01 : \"12_Invoice_3456\" - \"I_4321.7z\"",
"published": "2018-01-18T16:05:55Z",
"object_refs": [
"indicator--5a26b77f-77bc-4bb8-9acb-c53a950d210f",
"indicator--5a26b780-e510-47d8-9eb2-4b54950d210f",
"indicator--5a26b780-33f0-45b9-b2d7-4ff4950d210f",
"observed-data--5a26b780-52c8-4195-aa36-4f6f950d210f",
"network-traffic--5a26b780-52c8-4195-aa36-4f6f950d210f",
"ipv4-addr--5a26b780-52c8-4195-aa36-4f6f950d210f",
"indicator--5a26b781-7aac-46e3-9172-44e5950d210f",
"indicator--5a26b781-7508-4345-b3a5-4bd5950d210f",
"observed-data--5a26b781-19a4-4ff4-8ac5-4449950d210f",
"network-traffic--5a26b781-19a4-4ff4-8ac5-4449950d210f",
"ipv4-addr--5a26b781-19a4-4ff4-8ac5-4449950d210f",
"indicator--5a26b781-37c0-4b67-b809-464c950d210f",
"indicator--5a26b782-6298-48fc-add7-44b5950d210f",
"observed-data--5a26b782-a45c-40d9-9f13-4f3d950d210f",
"network-traffic--5a26b782-a45c-40d9-9f13-4f3d950d210f",
"ipv4-addr--5a26b782-a45c-40d9-9f13-4f3d950d210f",
"indicator--5a26b782-f970-4a2d-b75f-493c950d210f",
"indicator--5a26b782-6088-4119-bfec-4d40950d210f",
"observed-data--5a26b783-177c-4761-87f4-403b950d210f",
"network-traffic--5a26b783-177c-4761-87f4-403b950d210f",
"ipv4-addr--5a26b783-177c-4761-87f4-403b950d210f",
"indicator--5a26b783-1048-4e2f-8cab-4a8d950d210f",
"indicator--5a26b784-2874-4587-87b2-4cb8950d210f",
"observed-data--5a26b785-3c40-48e3-8143-4914950d210f",
"network-traffic--5a26b785-3c40-48e3-8143-4914950d210f",
"ipv4-addr--5a26b785-3c40-48e3-8143-4914950d210f",
"indicator--5a26b785-9dd0-4ce1-a4be-49b5950d210f",
"indicator--5a26b785-62f0-465d-a4ab-4500950d210f",
"observed-data--5a26b785-edb8-4ba6-bbb8-4b9c950d210f",
"network-traffic--5a26b785-edb8-4ba6-bbb8-4b9c950d210f",
"ipv4-addr--5a26b785-edb8-4ba6-bbb8-4b9c950d210f",
"indicator--5a26b786-9368-42d7-b2f8-422a950d210f",
"indicator--5a26b786-df34-4f97-a2b0-4275950d210f",
"observed-data--5a26b786-9034-4407-b0db-451a950d210f",
"network-traffic--5a26b786-9034-4407-b0db-451a950d210f",
"ipv4-addr--5a26b786-9034-4407-b0db-451a950d210f",
"indicator--5a26b786-8848-4631-bcd0-441c950d210f",
"indicator--5a26b786-4850-4c23-9063-43b6950d210f",
"observed-data--5a26b787-1538-4c8d-84f2-c53a950d210f",
"network-traffic--5a26b787-1538-4c8d-84f2-c53a950d210f",
"ipv4-addr--5a26b787-1538-4c8d-84f2-c53a950d210f",
"indicator--5a26b787-c7cc-48db-8e01-43e8950d210f",
"indicator--5a26b787-c770-45cd-afb6-4ef8950d210f",
"observed-data--5a26b788-4fb8-4c86-b6ca-c6d3950d210f",
"network-traffic--5a26b788-4fb8-4c86-b6ca-c6d3950d210f",
"ipv4-addr--5a26b788-4fb8-4c86-b6ca-c6d3950d210f",
"indicator--5a26b788-d4e8-4705-913c-4760950d210f",
"indicator--5a26b788-602c-4e92-b6ef-479b950d210f",
"observed-data--5a26b788-5750-423c-b531-4d17950d210f",
"network-traffic--5a26b788-5750-423c-b531-4d17950d210f",
"ipv4-addr--5a26b788-5750-423c-b531-4d17950d210f",
"indicator--5a26b788-d7c8-4dee-b871-4b51950d210f",
"indicator--5a26b789-c144-4196-818c-44e0950d210f",
"observed-data--5a26b789-fa10-4394-9152-439d950d210f",
"network-traffic--5a26b789-fa10-4394-9152-439d950d210f",
"ipv4-addr--5a26b789-fa10-4394-9152-439d950d210f",
"indicator--5a26b789-ba7c-464c-b162-4b96950d210f",
"indicator--5a26b789-b28c-4742-85c1-4e2d950d210f",
"observed-data--5a26b78a-b580-40eb-9968-47cf950d210f",
"network-traffic--5a26b78a-b580-40eb-9968-47cf950d210f",
"ipv4-addr--5a26b78a-b580-40eb-9968-47cf950d210f",
"indicator--5a27bffc-2cf0-4653-b04f-bbba02de0b81",
"indicator--5a27bffc-35b4-441b-973f-bbba02de0b81",
"observed-data--5a27bffc-4818-41fc-8ec6-bbba02de0b81",
"url--5a27bffc-4818-41fc-8ec6-bbba02de0b81",
"indicator--5a60bda5-58ec-4ead-bd34-4dc6950d210f",
"indicator--5a60bd4c-7658-4aee-8dfb-409c950d210f",
"indicator--5a60bd62-bbac-42dc-8c5d-4164950d210f",
"indicator--5a60bdd4-af20-4e80-83dc-478a950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Fake Globe Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b77f-77bc-4bb8-9acb-c53a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:31.000Z",
"modified": "2017-12-06T10:01:31.000Z",
"pattern": "[file:hashes.MD5 = '06c82e99dc35ab88f2db7868d30012a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b780-e510-47d8-9eb2-4b54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:31.000Z",
"modified": "2017-12-06T10:01:31.000Z",
"pattern": "[url:value = 'http://basedow-bilder.de/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b780-33f0-45b9-b2d7-4ff4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:31.000Z",
"modified": "2017-12-06T10:01:31.000Z",
"pattern": "[domain-name:value = 'basedow-bilder.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b780-52c8-4195-aa36-4f6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:31.000Z",
"modified": "2017-12-06T10:01:31.000Z",
"first_observed": "2017-12-06T10:01:31Z",
"last_observed": "2017-12-06T10:01:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b780-52c8-4195-aa36-4f6f950d210f",
"ipv4-addr--5a26b780-52c8-4195-aa36-4f6f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b780-52c8-4195-aa36-4f6f950d210f",
"dst_ref": "ipv4-addr--5a26b780-52c8-4195-aa36-4f6f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b780-52c8-4195-aa36-4f6f950d210f",
"value": "194.116.187.130"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b781-7aac-46e3-9172-44e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:31.000Z",
"modified": "2017-12-06T10:01:31.000Z",
"pattern": "[url:value = 'http://centralbaptistchurchnj.org/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b781-7508-4345-b3a5-4bd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:31.000Z",
"modified": "2017-12-06T10:01:31.000Z",
"pattern": "[domain-name:value = 'centralbaptistchurchnj.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b781-19a4-4ff4-8ac5-4449950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b781-19a4-4ff4-8ac5-4449950d210f",
"ipv4-addr--5a26b781-19a4-4ff4-8ac5-4449950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b781-19a4-4ff4-8ac5-4449950d210f",
"dst_ref": "ipv4-addr--5a26b781-19a4-4ff4-8ac5-4449950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b781-19a4-4ff4-8ac5-4449950d210f",
"value": "68.171.62.42"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b781-37c0-4b67-b809-464c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://highlandfamily.org/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b782-6298-48fc-add7-44b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'highlandfamily.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b782-a45c-40d9-9f13-4f3d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b782-a45c-40d9-9f13-4f3d950d210f",
"ipv4-addr--5a26b782-a45c-40d9-9f13-4f3d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b782-a45c-40d9-9f13-4f3d950d210f",
"dst_ref": "ipv4-addr--5a26b782-a45c-40d9-9f13-4f3d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b782-a45c-40d9-9f13-4f3d950d210f",
"value": "98.124.252.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b782-f970-4a2d-b75f-493c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://motifahsap.com/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b782-6088-4119-bfec-4d40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'motifahsap.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b783-177c-4761-87f4-403b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b783-177c-4761-87f4-403b950d210f",
"ipv4-addr--5a26b783-177c-4761-87f4-403b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b783-177c-4761-87f4-403b950d210f",
"dst_ref": "ipv4-addr--5a26b783-177c-4761-87f4-403b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b783-177c-4761-87f4-403b950d210f",
"value": "188.132.180.113"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b783-1048-4e2f-8cab-4a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://pdj.co.id/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b784-2874-4587-87b2-4cb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'pdj.co.id']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b785-3c40-48e3-8143-4914950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b785-3c40-48e3-8143-4914950d210f",
"ipv4-addr--5a26b785-3c40-48e3-8143-4914950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b785-3c40-48e3-8143-4914950d210f",
"dst_ref": "ipv4-addr--5a26b785-3c40-48e3-8143-4914950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b785-3c40-48e3-8143-4914950d210f",
"value": "202.169.44.166"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b785-9dd0-4ce1-a4be-49b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://pragmaticinquiry.org/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b785-62f0-465d-a4ab-4500950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'pragmaticinquiry.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b785-edb8-4ba6-bbb8-4b9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b785-edb8-4ba6-bbb8-4b9c950d210f",
"ipv4-addr--5a26b785-edb8-4ba6-bbb8-4b9c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b785-edb8-4ba6-bbb8-4b9c950d210f",
"dst_ref": "ipv4-addr--5a26b785-edb8-4ba6-bbb8-4b9c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b785-edb8-4ba6-bbb8-4b9c950d210f",
"value": "98.124.252.145"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b786-9368-42d7-b2f8-422a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://schwellenwertdaten.de/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b786-df34-4f97-a2b0-4275950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'schwellenwertdaten.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b786-9034-4407-b0db-451a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b786-9034-4407-b0db-451a950d210f",
"ipv4-addr--5a26b786-9034-4407-b0db-451a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b786-9034-4407-b0db-451a950d210f",
"dst_ref": "ipv4-addr--5a26b786-9034-4407-b0db-451a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b786-9034-4407-b0db-451a950d210f",
"value": "178.77.75.77"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b786-8848-4631-bcd0-441c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://shamanic-extracts.biz/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b786-4850-4c23-9063-43b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'shamanic-extracts.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b787-1538-4c8d-84f2-c53a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b787-1538-4c8d-84f2-c53a950d210f",
"ipv4-addr--5a26b787-1538-4c8d-84f2-c53a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b787-1538-4c8d-84f2-c53a950d210f",
"dst_ref": "ipv4-addr--5a26b787-1538-4c8d-84f2-c53a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b787-1538-4c8d-84f2-c53a950d210f",
"value": "62.212.154.98"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b787-c7cc-48db-8e01-43e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://team-bobcat.org/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b787-c770-45cd-afb6-4ef8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'team-bobcat.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b788-4fb8-4c86-b6ca-c6d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b788-4fb8-4c86-b6ca-c6d3950d210f",
"ipv4-addr--5a26b788-4fb8-4c86-b6ca-c6d3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b788-4fb8-4c86-b6ca-c6d3950d210f",
"dst_ref": "ipv4-addr--5a26b788-4fb8-4c86-b6ca-c6d3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b788-4fb8-4c86-b6ca-c6d3950d210f",
"value": "212.224.65.254"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b788-d4e8-4705-913c-4760950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://troyriser.com/UYTd46732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b788-602c-4e92-b6ef-479b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'troyriser.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b788-5750-423c-b531-4d17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b788-5750-423c-b531-4d17950d210f",
"ipv4-addr--5a26b788-5750-423c-b531-4d17950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b788-5750-423c-b531-4d17950d210f",
"dst_ref": "ipv4-addr--5a26b788-5750-423c-b531-4d17950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b788-5750-423c-b531-4d17950d210f",
"value": "98.124.251.167"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b788-d7c8-4dee-b871-4b51950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'https://n224ezvhg4sgyamb.onion.link/shfgealjh.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b789-c144-4196-818c-44e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'n224ezvhg4sgyamb.onion.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b789-fa10-4394-9152-439d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b789-fa10-4394-9152-439d950d210f",
"ipv4-addr--5a26b789-fa10-4394-9152-439d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b789-fa10-4394-9152-439d950d210f",
"dst_ref": "ipv4-addr--5a26b789-fa10-4394-9152-439d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b789-fa10-4394-9152-439d950d210f",
"value": "188.166.203.69"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b789-ba7c-464c-b162-4b96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[url:value = 'http://summi.space/count.php?nu=105&fb=110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b789-b28c-4742-85c1-4e2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"pattern": "[domain-name:value = 'summi.space']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b78a-b580-40eb-9968-47cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b78a-b580-40eb-9968-47cf950d210f",
"ipv4-addr--5a26b78a-b580-40eb-9968-47cf950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b78a-b580-40eb-9968-47cf950d210f",
"dst_ref": "ipv4-addr--5a26b78a-b580-40eb-9968-47cf950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b78a-b580-40eb-9968-47cf950d210f",
"value": "198.23.241.227"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27bffc-2cf0-4653-b04f-bbba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"description": "- Xchecked via VT: 06c82e99dc35ab88f2db7868d30012a8",
"pattern": "[file:hashes.SHA256 = 'e2209f339b2e5afbb40d4f3dfddf4939ffdb9accbb5253121707a5b1cde15dd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27bffc-35b4-441b-973f-bbba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"description": "- Xchecked via VT: 06c82e99dc35ab88f2db7868d30012a8",
"pattern": "[file:hashes.SHA1 = '4bcba41741021833e193e721f4461645ab7fdb43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a27bffc-4818-41fc-8ec6-bbba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:01:32.000Z",
"modified": "2017-12-06T10:01:32.000Z",
"first_observed": "2017-12-06T10:01:32Z",
"last_observed": "2017-12-06T10:01:32Z",
"number_observed": 1,
"object_refs": [
"url--5a27bffc-4818-41fc-8ec6-bbba02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a27bffc-4818-41fc-8ec6-bbba02de0b81",
"value": "https://www.virustotal.com/file/e2209f339b2e5afbb40d4f3dfddf4939ffdb9accbb5253121707a5b1cde15dd2/analysis/1512435065/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a60bda5-58ec-4ead-bd34-4dc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-18T15:30:45.000Z",
"modified": "2018-01-18T15:30:45.000Z",
"description": "Found in file: scan_17.01.doc",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.176.221.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-18T15:30:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a60bd4c-7658-4aee-8dfb-409c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-18T15:29:16.000Z",
"modified": "2018-01-18T15:29:16.000Z",
"pattern": "[file:hashes.MD5 = '5c3d35bd9282f61e414319d9d98c80b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-18T15:29:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a60bd62-bbac-42dc-8c5d-4164950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-18T15:29:38.000Z",
"modified": "2018-01-18T15:29:38.000Z",
"pattern": "[file:hashes.MD5 = 'b9f2699fc826f8109b12a17c1283ac3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-18T15:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a60bdd4-af20-4e80-83dc-478a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-18T15:31:32.000Z",
"modified": "2018-01-18T15:31:32.000Z",
"description": "Found in file: scan_17.01.doc",
"pattern": "[url:value = 'http://185.176.221.146/download/s/gtz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-18T15:31:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}