adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/1c4e9e86-eff3-485f-aa1d-1bff68101b14.json

2591 lines
No EOL
104 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--1c4e9e86-eff3-485f-aa1d-1bff68101b14",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:58:16.000Z",
"modified": "2020-12-10T12:58:16.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--1c4e9e86-eff3-485f-aa1d-1bff68101b14",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:58:16.000Z",
"modified": "2020-12-10T12:58:16.000Z",
"name": "OSINT - CobaltStrike C2s Dec2020_10",
"published": "2020-12-10T12:58:29Z",
"object_refs": [
"indicator--6247385e-d35b-4fd3-8c5c-baf2f84ec1ec",
"indicator--b20a564e-edea-438a-ab8c-49ebf6ea252b",
"indicator--d0baa683-497c-4b4c-a242-6b748b594795",
"indicator--ad01ab3e-05cd-410f-ae6d-ad431b7c5391",
"indicator--8c1cafb0-fabb-4e33-938e-a2fa092451d2",
"indicator--69a13af3-13ad-4574-a97a-ec8ba5a8b385",
"indicator--4ffa4e15-92de-43e4-912d-4cbd9b810095",
"indicator--be0bc9b5-cb43-4e88-94a7-23fb0303cbc7",
"indicator--42401926-71f9-4437-ab0c-642bf968f444",
"indicator--1c801a83-ee84-4df1-9378-01c049e57b34",
"indicator--b1e56d27-b249-4ec4-98cc-04c5928c67dc",
"indicator--02ba5d76-f74d-4f06-9c12-0a047bcfff99",
"indicator--e779c3e6-fa4d-4e04-bb1c-708c6b3f1294",
"indicator--9f957714-0da4-4ac1-88d0-3a20431c2fa4",
"indicator--a8be673c-93d2-4a54-b7e9-2463b5d326e4",
"indicator--98df11a4-30bf-4239-bfd5-7a2eeb29c303",
"indicator--93a70769-7a52-4887-ab34-0071cf841d73",
"indicator--978f68ff-525b-4f56-8140-bc43570aeab5",
"indicator--3684c1ca-584c-426a-9d9e-681f90867371",
"indicator--73858011-cfeb-4bcf-b858-99e669fa33a8",
"indicator--128a4de7-f58e-4911-af65-d1e85013a1fc",
"indicator--3e59ec67-eade-4f38-ba38-c6e47a8104dd",
"indicator--225a6ce9-329e-49b6-9d73-05a114c25683",
"indicator--122f14c6-4f21-4998-b1fc-2cca227b0139",
"indicator--f60c090a-e650-4daa-925d-cf45d512a681",
"indicator--108854c1-afe8-4b20-a15c-018244cd6c2b",
"indicator--cf648da5-93c9-46bb-8e2a-73d4fa736766",
"indicator--1be8eb51-2893-485e-821e-1ef77298bede",
"indicator--eb05844b-0223-4423-bb66-e745e3778486",
"indicator--eef1e52e-bae9-4514-8354-abdb52f49437",
"indicator--584a5077-c2b3-497e-9041-861d8dbe3ce0",
"indicator--80c68e30-fbd9-4da3-9064-af5f11e90cbf",
"indicator--d5408b0b-5aad-4eb4-87e0-088a789f8ef3",
"indicator--9fc947ff-abfb-4805-a802-97e22cf42914",
"indicator--506ebc8e-2a5b-4729-9edf-81ca17329e2d",
"indicator--025a2340-dc3e-47c2-96a0-f91be7bb18f7",
"indicator--3d346534-20c4-4377-b515-31aa5e5953d4",
"indicator--69cf018a-1a8b-4ace-8d30-f83f6671dede",
"indicator--f3c7a756-4072-433f-8bbb-cc0c4d21d0c4",
"indicator--8bc9ac2a-9cae-4631-890a-31d9a4ffa146",
"indicator--81338ccc-1ddd-4d43-9ca3-5e3dce1ae129",
"indicator--f184ef82-f674-4f55-9fde-d8e5195a64ed",
"indicator--79dcb2ef-3723-4f6d-ade1-c9ffacba4d02",
"indicator--173b3b9b-6104-420e-863e-598af599efa1",
"indicator--7c960e90-cca3-4754-9d8c-143663179c94",
"indicator--cc5866e9-81ec-4956-8f4c-960ea859922a",
"indicator--9e4faf9e-822e-490c-aef6-70dc04411672",
"indicator--c5eb6907-322e-4b32-97a7-293a539fa05d",
"indicator--d79eb25d-b726-4719-8a54-56ac4396af3f",
"indicator--143ec3b0-0af1-40cb-8d2c-2bde6222fdcb",
"indicator--1f657410-e8c8-4277-9ed2-83fb8ae04fa5",
"indicator--e09b1e5d-1425-487b-a2e5-960caf80b04d",
"indicator--e4f21093-84dd-4862-b37b-3bc5ee18ea94",
"indicator--e3e1e26c-ef1e-42cd-a606-7ee75b457c6e",
"indicator--72afbb14-4393-420c-a9fe-16144bbd7a7c",
"indicator--30ab8781-7225-49f6-bfc6-fd485b6be520",
"indicator--fe02ce66-8a8d-4fe8-bb14-e077e5d36e75",
"indicator--70c162fc-fe93-49c4-89d1-4b2d446324ee",
"indicator--40646ad7-a147-4a8e-9d09-4f1af05ad3f3",
"indicator--b41a562d-45d4-4285-8371-cf047076be53",
"indicator--657e7f54-66b8-4e2c-8ef8-1f82e57e9253",
"indicator--a9f14d6c-a626-46fd-ba44-ba0228730252",
"indicator--b22becbc-b286-4fae-b81c-4f3dafffaa3d",
"indicator--78b2ee8c-b1ae-44c8-b06c-d51a1a6c6a7b",
"indicator--0d4a81e8-f801-4cfc-a1cd-d146a13ec0ca",
"indicator--d9ba3e0d-6751-4b95-b9c7-c594bb35bf5c",
"indicator--1c17a6bc-fbda-4b03-a44c-4dd76c76278b",
"indicator--54b7f0a7-b3c1-471a-a51f-59a4d3f872c4",
"indicator--210882c2-52d3-4c16-86db-f0f2a7d016cd",
"indicator--d3492ba3-6d21-4875-abcf-599d971630bf",
"indicator--ca8eaa5a-1cb0-4f76-bacc-009f34c28910",
"indicator--8bb0385f-29c8-47a1-8e64-9a3d7654c8d8",
"indicator--512dc9e4-39fd-483a-9c37-33732ff2fc2f",
"indicator--90fed0f9-30c3-405a-b140-5ae7b3bc0d00",
"indicator--513f4f23-5529-48e1-9dcb-92dedb518186",
"indicator--b3e64d81-deb3-4dc7-86fd-0f3beddaf946",
"indicator--ea1d9320-f2fb-4ff3-b6d1-f867dc2e7528",
"indicator--e5aecfb6-27a9-41c1-89d4-7cfbb86518b9",
"indicator--6a5a355d-2a5e-4ff2-b82a-a4638e7bf7f0",
"indicator--41fa73c2-4463-484a-ac6d-36c087791fd0",
"indicator--75029c0f-1302-4c59-a432-e841aaf98461",
"indicator--c4a58643-4056-423c-8b11-337ea18de2e9",
"indicator--9aff7ff2-2369-4b1b-bb20-2570b986e4f9",
"indicator--13fd34df-5fcb-4b01-becf-6d708e8a903f",
"indicator--a9af5349-77e8-4d0c-88b9-76278bb1634c",
"indicator--a82a85b1-ec4c-4ec4-acdd-004df0f50a4d",
"indicator--a08f04a8-b081-4865-a37a-1a27c07ea796",
"indicator--c8c5683e-82ae-49dc-b1a2-d1c1c18e6fbc",
"indicator--1fdeacac-2de6-45f7-80ab-d937cf50d05d",
"indicator--27fbefcc-37e4-4d1a-9cce-e93eb60cc969",
"indicator--3719f638-8a32-410f-a088-2ba92f75f901",
"indicator--6bb8f113-d066-4070-b65a-43197b5b41d1",
"indicator--ad15f4bb-8a55-4f57-ba0f-267060080e55",
"indicator--1a3119e1-ae80-405c-911d-b3f2aefadef9",
"indicator--f9884dcf-4510-4307-8f71-a72d3297f376",
"indicator--47b12b84-eeaa-4aa5-8cf7-afb439266806",
"indicator--2a24f995-126a-4713-9f6b-157225f2c83d",
"indicator--fc3b66b0-c894-4974-9e4c-23540d7bd952",
"indicator--d13b268d-e82e-4b75-92ed-1488eb7269e4",
"indicator--3ebae168-c560-48c7-a7de-0c09eccde1f6",
"indicator--ed99ba56-4c65-4416-af26-658b059c0afe",
"indicator--13906e4d-d2fb-43ff-b6c8-70a979c23083",
"indicator--d0f2aa83-36ff-4fd1-8e72-3f8d0d3bd20a",
"indicator--81996b71-19d5-4230-9a4a-6ed7d1f756ea",
"x-misp-object--c9f35ca0-b785-4690-8831-338c8eb35ffe"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:malpedia=\"Cobalt Strike\"",
"misp-galaxy:rat=\"Cobalt Strike\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6247385e-d35b-4fd3-8c5c-baf2f84ec1ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '192.119.111.117/cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b20a564e-edea-438a-ab8c-49ebf6ea252b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '192.119.111.117/match']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0baa683-497c-4b4c-a242-6b748b594795",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '192.119.111.117/cm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ad01ab3e-05cd-410f-ae6d-ad431b7c5391",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'http://scripts.completelyinnocuousdomain.com/updates.rss']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8c1cafb0-fabb-4e33-938e-a2fa092451d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'scripts.completelyinnocuousdomain.com/ptj']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--69a13af3-13ad-4574-a97a-ec8ba5a8b385",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '3.133.100.221/dot.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4ffa4e15-92de-43e4-912d-4cbd9b810095",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '3.133.100.221/cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--be0bc9b5-cb43-4e88-94a7-23fb0303cbc7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '129.226.15.142/pixel.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--42401926-71f9-4437-ab0c-642bf968f444",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'lsass.services/idle/1376547834/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c801a83-ee84-4df1-9378-01c049e57b34",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'cs.yourintrinsichealth.com/dot.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b1e56d27-b249-4ec4-98cc-04c5928c67dc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'scripts.chickensdone.com/cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--02ba5d76-f74d-4f06-9c12-0a047bcfff99",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '167.179.78.159/cm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e779c3e6-fa4d-4e04-bb1c-708c6b3f1294",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '167.179.78.159/push']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9f957714-0da4-4ac1-88d0-3a20431c2fa4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'lsass.cloud/pixel']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a8be673c-93d2-4a54-b7e9-2463b5d326e4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'mesteratosr.me/api']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--98df11a4-30bf-4239-bfd5-7a2eeb29c303",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '185.162.235.111/pixel.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--93a70769-7a52-4887-ab34-0071cf841d73",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '185.162.235.111/en_US/all.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--978f68ff-525b-4f56-8140-bc43570aeab5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '185.162.235.111/j.ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3684c1ca-584c-426a-9d9e-681f90867371",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '172.19.178.93/ga.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--73858011-cfeb-4bcf-b858-99e669fa33a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '172.19.178.93/ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--128a4de7-f58e-4911-af65-d1e85013a1fc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'servupdates.com/ga.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3e59ec67-eade-4f38-ba38-c6e47a8104dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'servupdates.com/ptj']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--225a6ce9-329e-49b6-9d73-05a114c25683",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'servupdates.com/ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--122f14c6-4f21-4998-b1fc-2cca227b0139",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '142.202.205.57/updates.rss']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f60c090a-e650-4daa-925d-cf45d512a681",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '108.166.207.133/cm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--108854c1-afe8-4b20-a15c-018244cd6c2b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '108.166.207.133/pixel']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf648da5-93c9-46bb-8e2a-73d4fa736766",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '3.137.217.140/dot.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1be8eb51-2893-485e-821e-1ef77298bede",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'www.mssql.tk/cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb05844b-0223-4423-bb66-e745e3778486",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'www.mssql.tk/IE9CompatViewList.xml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eef1e52e-bae9-4514-8354-abdb52f49437",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '42.192.145.157/ga.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584a5077-c2b3-497e-9041-861d8dbe3ce0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '42.192.145.157/cm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--80c68e30-fbd9-4da3-9064-af5f11e90cbf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '42.192.145.157/IE9CompatViewList.xml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d5408b0b-5aad-4eb4-87e0-088a789f8ef3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '42.192.145.157/push']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9fc947ff-abfb-4805-a802-97e22cf42914",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '162.241.127.180/j.ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--506ebc8e-2a5b-4729-9edf-81ca17329e2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '104.247.196.106/cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--025a2340-dc3e-47c2-96a0-f91be7bb18f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '103.117.72.60/ptj']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3d346534-20c4-4377-b515-31aa5e5953d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'outlook-1.azureedge.net/static/css/main.d22d3525.chunk.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--69cf018a-1a8b-4ace-8d30-f83f6671dede",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'a93.xyz/IE9CompatViewList.xml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f3c7a756-4072-433f-8bbb-cc0c4d21d0c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '167.179.66.246/ptj']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8bc9ac2a-9cae-4631-890a-31d9a4ffa146",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = 'http://daiwa-cm-us.azureedge.net//ro13.64.101.24/ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81338ccc-1ddd-4d43-9ca3-5e3dce1ae129",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '145.249.106.134/ga.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f184ef82-f674-4f55-9fde-d8e5195a64ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '145.249.106.134/dpixel']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--79dcb2ef-3723-4f6d-ade1-c9ffacba4d02",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '145.249.106.134/cm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--173b3b9b-6104-420e-863e-598af599efa1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '218.253.251.89/fwlink']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7c960e90-cca3-4754-9d8c-143663179c94",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '194.5.249.55/dot.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cc5866e9-81ec-4956-8f4c-960ea859922a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '194.5.249.55/dpixel']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e4faf9e-822e-490c-aef6-70dc04411672",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '194.5.249.55/cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c5eb6907-322e-4b32-97a7-293a539fa05d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:42.000Z",
"modified": "2020-12-10T12:55:42.000Z",
"pattern": "[url:value = '47.104.91.8/en_US/all.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d79eb25d-b726-4719-8a54-56ac4396af3f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:43.000Z",
"modified": "2020-12-10T12:55:43.000Z",
"pattern": "[url:value = '47.104.91.8/fwlink']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--143ec3b0-0af1-40cb-8d2c-2bde6222fdcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:43.000Z",
"modified": "2020-12-10T12:55:43.000Z",
"pattern": "[url:value = '45.141.84.32/dpixel']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f657410-e8c8-4277-9ed2-83fb8ae04fa5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:43.000Z",
"modified": "2020-12-10T12:55:43.000Z",
"pattern": "[url:value = '45.141.84.32/visit.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e09b1e5d-1425-487b-a2e5-960caf80b04d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:55:43.000Z",
"modified": "2020-12-10T12:55:43.000Z",
"pattern": "[url:value = '45.141.84.32/IE9CompatViewList.xml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e4f21093-84dd-4862-b37b-3bc5ee18ea94",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '66.228.39.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e3e1e26c-ef1e-42cd-a606-7ee75b457c6e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '54.226.33.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--72afbb14-4393-420c-a9fe-16144bbd7a7c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '175.24.246.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--30ab8781-7225-49f6-bfc6-fd485b6be520",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '52.15.240.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe02ce66-8a8d-4fe8-bb14-e077e5d36e75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '3.133.160.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--70c162fc-fe93-49c4-89d1-4b2d446324ee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.91.237.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--40646ad7-a147-4a8e-9d09-4f1af05ad3f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '167.179.78.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b41a562d-45d4-4285-8371-cf047076be53",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.57.104.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--657e7f54-66b8-4e2c-8ef8-1f82e57e9253",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.63.189.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a9f14d6c-a626-46fd-ba44-ba0228730252",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.155.49.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b22becbc-b286-4fae-b81c-4f3dafffaa3d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.33.77.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--78b2ee8c-b1ae-44c8-b06c-d51a1a6c6a7b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '193.168.147.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0d4a81e8-f801-4cfc-a1cd-d146a13ec0ca",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '154.209.86.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d9ba3e0d-6751-4b95-b9c7-c594bb35bf5c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.207.154.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c17a6bc-fbda-4b03-a44c-4dd76c76278b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.162.235.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b7f0a7-b3c1-471a-a51f-59a4d3f872c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '122.51.197.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--210882c2-52d3-4c16-86db-f0f2a7d016cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '193.34.166.73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d3492ba3-6d21-4875-abcf-599d971630bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '152.32.253.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca8eaa5a-1cb0-4f76-bacc-009f34c28910",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.181.102.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8bb0385f-29c8-47a1-8e64-9a3d7654c8d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '142.202.205.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--512dc9e4-39fd-483a-9c37-33732ff2fc2f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '108.166.207.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90fed0f9-30c3-405a-b140-5ae7b3bc0d00",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '3.137.217.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--513f4f23-5529-48e1-9dcb-92dedb518186",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '121.4.69.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b3e64d81-deb3-4dc7-86fd-0f3beddaf946",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.96.9.238']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ea1d9320-f2fb-4ff3-b6d1-f867dc2e7528",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '148.70.139.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e5aecfb6-27a9-41c1-89d4-7cfbb86518b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.101.43.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6a5a355d-2a5e-4ff2-b82a-a4638e7bf7f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.97.65.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--41fa73c2-4463-484a-ac6d-36c087791fd0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '42.192.145.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--75029c0f-1302-4c59-a432-e841aaf98461",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '162.241.127.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c4a58643-4056-423c-8b11-337ea18de2e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '104.247.196.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9aff7ff2-2369-4b1b-bb20-2570b986e4f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '146.185.132.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--13fd34df-5fcb-4b01-becf-6d708e8a903f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.117.72.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a9af5349-77e8-4d0c-88b9-76278bb1634c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.189.183.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a82a85b1-ec4c-4ec4-acdd-004df0f50a4d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '167.99.200.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a08f04a8-b081-4865-a37a-1a27c07ea796",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:28.000Z",
"modified": "2020-12-10T12:56:28.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '167.179.66.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c8c5683e-82ae-49dc-b1a2-d1c1c18e6fbc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.180.199.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1fdeacac-2de6-45f7-80ab-d937cf50d05d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '13.64.101.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--27fbefcc-37e4-4d1a-9cce-e93eb60cc969",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.182.125.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3719f638-8a32-410f-a088-2ba92f75f901",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '106.14.94.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6bb8f113-d066-4070-b65a-43197b5b41d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '60.12.215.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ad15f4bb-8a55-4f57-ba0f-267060080e55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '145.249.106.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1a3119e1-ae80-405c-911d-b3f2aefadef9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '193.187.118.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f9884dcf-4510-4307-8f71-a72d3297f376",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '218.253.251.89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--47b12b84-eeaa-4aa5-8cf7-afb439266806",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '194.5.249.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2a24f995-126a-4713-9f6b-157225f2c83d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.104.91.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fc3b66b0-c894-4974-9e4c-23540d7bd952",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.107.41.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d13b268d-e82e-4b75-92ed-1488eb7269e4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.141.84.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3ebae168-c560-48c7-a7de-0c09eccde1f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '3.17.176.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ed99ba56-4c65-4416-af26-658b059c0afe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '111.229.51.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--13906e4d-d2fb-43ff-b6c8-70a979c23083",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '23.106.160.191']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0f2aa83-36ff-4fd1-8e72-3f8d0d3bd20a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '100.24.56.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81996b71-19d5-4230-9a4a-6ed7d1f756ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:56:29.000Z",
"modified": "2020-12-10T12:56:29.000Z",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.199.110.164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-10T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c9f35ca0-b785-4690-8831-338c8eb35ffe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-10T12:57:22.000Z",
"modified": "2020-12-10T12:57:22.000Z",
"labels": [
"misp:name=\"paste\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "origin",
"value": "pastebin.com",
"category": "Other",
"uuid": "8914c184-e266-48b8-bb4b-1d7ace03eda3"
},
{
"type": "text",
"object_relation": "title",
"value": "CobaltStrike C2s Dec2020_10",
"category": "Other",
"uuid": "7207e756-0071-499c-8009-0a576457e179"
},
{
"type": "text",
"object_relation": "username",
"value": "ImGlaCiuS",
"category": "Other",
"uuid": "fbdc9ea7-0eec-42b1-b3f3-38cc431b0556"
},
{
"type": "link",
"object_relation": "link",
"value": "https://pastebin.com/Svw5vMvm",
"category": "External analysis",
"uuid": "d810405f-4746-4046-8fff-f7f7bc91b66d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "paste"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink