adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/08c5fe06-4375-4fce-a555-b02352cef2d6.json

877 lines
No EOL
35 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--08c5fe06-4375-4fce-a555-b02352cef2d6",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:12:19.000Z",
"modified": "2022-03-01T09:12:19.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--08c5fe06-4375-4fce-a555-b02352cef2d6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:12:19.000Z",
"modified": "2022-03-01T09:12:19.000Z",
"name": "gsocket.io - Global Socket Relay Network (GSRN) - infrastructure",
"published": "2022-03-01T09:12:46Z",
"object_refs": [
"indicator--7d0c4ad4-c000-4f20-9504-bcec20efc133",
"indicator--884b0ad6-c628-4803-b7bf-51221c344e83",
"indicator--c40043f8-1859-4d11-913c-db2acd9ee294",
"indicator--de7eb516-afea-47e6-846c-805b2f3708c2",
"indicator--8926173d-ed4e-41e0-8848-9c1c45303538",
"indicator--54a0f0b5-5505-4088-8453-99f384c8c67f",
"indicator--4f8dd3b7-801a-4ecf-ac91-501d74dcb418",
"indicator--36a5d424-5953-4da4-87a2-d56916ab6d89",
"indicator--6e9edc47-c2d2-4e0f-b132-16c06556d8c0",
"indicator--b70dddc2-39d1-471b-b303-2552758ccc14",
"indicator--cc960a09-8fb5-429a-8054-ee277b68cca8",
"indicator--81d256c6-abfa-40d1-8c09-32b1e7a2737d",
"indicator--166ffa94-b6d5-4a6a-9e76-f18707a26c2e",
"indicator--3e0b38a2-e4e4-4510-b4e1-19af36299bd9",
"indicator--67a11404-30fc-4577-9c35-012025908335",
"indicator--f3d1718d-bded-42a9-8e50-cd066da3b2d0",
"indicator--dbf025a5-d1f7-4373-9dc6-17a000506d2d",
"indicator--e18b6a6e-7873-40e9-a128-cc09c744ac9c",
"indicator--2364c7d6-4af8-4f26-a466-2303081b7f7b",
"indicator--55ca9518-cf3e-47f2-bc07-b754f101c4a7",
"indicator--43dd5ebc-fd53-4c95-aed0-cd7593fd14f1",
"indicator--fdced816-e5b2-4ec9-bf1a-80c6eaadae5e",
"indicator--1c1a3b77-d4a8-44d1-bb6f-af6528d45d22",
"indicator--759197c1-94db-4f31-832a-9029a3dea275",
"indicator--da09048a-d198-4fa7-b7bf-a3fb421973cd",
"indicator--5101e6a4-aad2-45aa-bc07-091de0692afb",
"indicator--e8b28c89-ce25-4178-9fc0-a03df734b6f4",
"indicator--327efcc4-bccd-4e5f-99cf-f464dca94b3c",
"indicator--1630e5a8-36af-4ddf-9cb3-d1001204491d",
"indicator--f52fcbfb-722b-4387-80a2-86ffca6ca9ae",
"indicator--534b93eb-0156-45bf-b112-f55fc1b23b58",
"x-misp-object--8a658310-4183-4368-8ad7-9d71fe63e083",
"x-misp-object--e04519f4-7cb2-4754-aab3-4adc4bb8d1a6"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"adversary:infrastructure-state=\"active\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d0c4ad4-c000-4f20-9504-bcec20efc133",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:05:14.000Z",
"modified": "2022-03-01T09:05:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '135.181.106.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:05:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--884b0ad6-c628-4803-b7bf-51221c344e83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:05:14.000Z",
"modified": "2022-03-01T09:05:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '143.198.66.192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:05:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c40043f8-1859-4d11-913c-db2acd9ee294",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:05:14.000Z",
"modified": "2022-03-01T09:05:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '18.116.244.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:05:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--de7eb516-afea-47e6-846c-805b2f3708c2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:05:14.000Z",
"modified": "2022-03-01T09:05:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.202.239.83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:05:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8926173d-ed4e-41e0-8848-9c1c45303538",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:05:14.000Z",
"modified": "2022-03-01T09:05:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '3.130.101.223']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:05:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54a0f0b5-5505-4088-8453-99f384c8c67f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:25.000Z",
"modified": "2022-03-01T09:06:25.000Z",
"pattern": "[domain-name:value = 'a.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4f8dd3b7-801a-4ecf-ac91-501d74dcb418",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:25.000Z",
"modified": "2022-03-01T09:06:25.000Z",
"pattern": "[domain-name:value = 'b.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--36a5d424-5953-4da4-87a2-d56916ab6d89",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:25.000Z",
"modified": "2022-03-01T09:06:25.000Z",
"pattern": "[domain-name:value = 'c.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6e9edc47-c2d2-4e0f-b132-16c06556d8c0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'd.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b70dddc2-39d1-471b-b303-2552758ccc14",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'e.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cc960a09-8fb5-429a-8054-ee277b68cca8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'f.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81d256c6-abfa-40d1-8c09-32b1e7a2737d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'g.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--166ffa94-b6d5-4a6a-9e76-f18707a26c2e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'h.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3e0b38a2-e4e4-4510-b4e1-19af36299bd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'i.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--67a11404-30fc-4577-9c35-012025908335",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'j.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f3d1718d-bded-42a9-8e50-cd066da3b2d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'k.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dbf025a5-d1f7-4373-9dc6-17a000506d2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'l.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e18b6a6e-7873-40e9-a128-cc09c744ac9c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'm.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2364c7d6-4af8-4f26-a466-2303081b7f7b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'n.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ca9518-cf3e-47f2-bc07-b754f101c4a7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'o.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--43dd5ebc-fd53-4c95-aed0-cd7593fd14f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'p.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fdced816-e5b2-4ec9-bf1a-80c6eaadae5e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'q.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c1a3b77-d4a8-44d1-bb6f-af6528d45d22",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'r.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--759197c1-94db-4f31-832a-9029a3dea275",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 's.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--da09048a-d198-4fa7-b7bf-a3fb421973cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 't.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5101e6a4-aad2-45aa-bc07-091de0692afb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'u.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e8b28c89-ce25-4178-9fc0-a03df734b6f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'v.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--327efcc4-bccd-4e5f-99cf-f464dca94b3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'w.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1630e5a8-36af-4ddf-9cb3-d1001204491d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'x.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f52fcbfb-722b-4387-80a2-86ffca6ca9ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'y.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--534b93eb-0156-45bf-b112-f55fc1b23b58",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:06:26.000Z",
"modified": "2022-03-01T09:06:26.000Z",
"pattern": "[domain-name:value = 'z.gs.thc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-03-01T09:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8a658310-4183-4368-8ad7-9d71fe63e083",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:10:52.000Z",
"modified": "2022-03-01T09:10:52.000Z",
"labels": [
"misp:name=\"script\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "script-as-attachment",
"value": "enumerate-gsocket.py",
"category": "External analysis",
"uuid": "e8143d94-6066-457e-8bc9-c3a122fedaeb",
"data": "aW1wb3J0IHN0cmluZwppbXBvcnQgZG5zLnJlc29sdmVyCgpkb21haW4gPSAnLmdzLnRoYy5vcmcnCgpmb3IgbmFtZSBpbiBzdHJpbmcuYXNjaWlfbG93ZXJjYXNlOgogICAgaG9zdCA9IGYne25hbWV9e2RvbWFpbn0nCiAgICBhbnN3ZXJzID0gZG5zLnJlc29sdmVyLnJlc29sdmUoaG9zdCwgJ0EnKQogICAgZm9yIHJkYXRhIGluIGFuc3dlcnM6CiAgICAgICAgcHJpbnQoZid7cmRhdGF9LHtob3N0fScpCg=="
},
{
"type": "text",
"object_relation": "language",
"value": "Python",
"category": "Other",
"uuid": "d23f1463-9d15-40d2-b072-b7b533c2fc5b"
},
{
"type": "text",
"object_relation": "comment",
"value": "Support script for extracting the hosts",
"category": "Other",
"uuid": "d8896381-74bd-4256-a13c-59460784f1d6"
},
{
"type": "text",
"object_relation": "state",
"value": "Trusted",
"category": "Other",
"uuid": "d3112599-0a58-4b43-8ff7-b7e180b91c00"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "script"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e04519f4-7cb2-4754-aab3-4adc4bb8d1a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-03-01T09:08:11.000Z",
"modified": "2022-03-01T09:08:11.000Z",
"labels": [
"misp:name=\"annotation\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "text",
"value": "The Global Socket Relay Network (GSRN) is run, operated and maintained by volunteers. You can use gsocket without running your own GSRN. The GSRN service is provided for free.\r\n\r\nref: https://www.gsocket.io/gsrn/",
"category": "Other",
"uuid": "340cef40-82b2-4dba-8659-7ee4135a75b1"
},
{
"type": "text",
"object_relation": "type",
"value": "Annotation",
"category": "Other",
"uuid": "c22724c1-494b-4a2b-b8e1-55b146894c53"
},
{
"type": "text",
"object_relation": "format",
"value": "text",
"category": "Other",
"uuid": "6e3c266f-8efc-45a1-b72c-e3d252f758bb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "annotation"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink