adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/591d566d-3ec0-4195-adb2-9f28950d210f.json

1945 lines
No EOL
78 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--591d566d-3ec0-4195-adb2-9f28950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T11:30:40.000Z",
"modified": "2017-05-18T11:30:40.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--591d566d-3ec0-4195-adb2-9f28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T11:30:40.000Z",
"modified": "2017-05-18T11:30:40.000Z",
"name": "Invoice ###### 05/17/2017 from dontreply@random",
"published": "2017-05-18T11:32:19Z",
"object_refs": [
"indicator--591d566e-62ec-4abd-afc7-99a0950d210f",
"indicator--591d566f-19f4-4248-8fcb-c522950d210f",
"indicator--591d566f-652c-4398-8074-c520950d210f",
"indicator--591d5670-d1d8-4260-8674-c51c950d210f",
"indicator--591d5671-0dec-43e6-9433-a001950d210f",
"indicator--591d5672-5a04-495b-94ef-99a4950d210f",
"indicator--591d5673-d418-4ebc-bd4d-99a3950d210f",
"indicator--591d5673-5ff8-47f0-80d3-c51f950d210f",
"indicator--591d5674-c140-4f6e-bb6a-c525950d210f",
"indicator--591d5675-f1b4-4ea5-8309-c518950d210f",
"indicator--591d5676-3edc-4315-b274-c520950d210f",
"indicator--591d5677-5d30-464f-9cae-99a4950d210f",
"indicator--591d5678-a17c-4409-839d-c516950d210f",
"indicator--591d567a-f30c-4d86-98a5-c525950d210f",
"indicator--591d567b-8ef4-432c-9d56-c524950d210f",
"indicator--591d567c-df8c-4725-9176-c520950d210f",
"indicator--591d567c-9e1c-48a2-a284-a005950d210f",
"indicator--591d567d-9648-4540-9fda-c51f950d210f",
"indicator--591d567e-c210-4045-899b-c50f950d210f",
"indicator--591d567f-5a6c-4ab4-b74f-9f28950d210f",
"indicator--591d567f-0bf4-4c9b-bd65-c522950d210f",
"indicator--591d5680-b5c0-4717-93d9-c525950d210f",
"indicator--591d5681-c820-4a67-9e6e-c51c950d210f",
"indicator--591d5682-65ec-49eb-828e-99a3950d210f",
"indicator--591d5683-2460-40df-9bc5-a005950d210f",
"indicator--591d5684-da58-47dc-b71c-9f28950d210f",
"indicator--591d5684-3590-4187-b67a-c516950d210f",
"indicator--591d5685-2d9c-425a-8675-c51a950d210f",
"indicator--591d5686-cba4-4688-a059-c524950d210f",
"indicator--591d5687-8ec4-4fdf-bf9c-c51c950d210f",
"indicator--591d5687-c398-4836-9aba-9f05950d210f",
"indicator--591d5689-fb50-41a1-9c4e-c522950d210f",
"indicator--591d5689-f07c-460a-a550-c51a950d210f",
"indicator--591d568a-efe8-466d-9d75-a001950d210f",
"indicator--591d568b-8fc0-4477-b23f-99a4950d210f",
"indicator--591d568c-5480-445f-a906-99a3950d210f",
"indicator--591d568c-be8c-4963-8ff3-a005950d210f",
"indicator--591d568d-0eac-4d4c-bd6e-a004950d210f",
"indicator--591d568e-7604-4e46-b09a-c522950d210f",
"indicator--591d568f-e164-46d5-b8e8-c525950d210f",
"indicator--591d5690-1d74-450c-a151-c524950d210f",
"indicator--591d5690-f610-4604-9929-c523950d210f",
"indicator--591d5691-80c8-4e0d-90af-99a4950d210f",
"indicator--591d5692-4e4c-4071-890e-c51c950d210f",
"indicator--591d5693-4c1c-40a4-83b6-9f05950d210f",
"indicator--591d5693-d028-44a4-94a9-9f28950d210f",
"indicator--591d5695-5f28-40b5-9d2b-c525950d210f",
"indicator--591d5695-ed38-41e4-a25d-c523950d210f",
"indicator--591d5697-ae14-41fc-99e4-99a4950d210f",
"indicator--591d5698-6bc8-48cc-8a2f-c50f950d210f",
"indicator--591d5699-23c4-43df-9757-9f05950d210f",
"indicator--591d569a-04d0-4f56-ae42-c522950d210f",
"indicator--591d569b-e098-4072-ae21-c523950d210f",
"indicator--591d569b-f564-482b-90ab-c51f950d210f",
"indicator--591d569c-1cb8-4be4-9169-99a6950d210f",
"indicator--591d569d-2cc0-4494-8c0f-9f28950d210f",
"indicator--591d569e-bcec-42ff-9653-c522950d210f",
"indicator--591d569f-7540-44c6-a46a-99a4950d210f",
"indicator--591d56a0-3c60-4b15-82d4-a005950d210f",
"indicator--591d56a1-71c0-499d-a32d-9f28950d210f",
"indicator--591d56a3-f300-45b3-97b8-c522950d210f",
"indicator--591d56a6-1ef4-4f60-ad3f-99a4950d210f",
"indicator--591d56a6-fb98-44c0-8ff2-a004950d210f",
"indicator--591d56a7-b498-4f2c-94a2-9f05950d210f",
"indicator--591d56a8-3b6c-47d0-8804-c525950d210f",
"indicator--591d56a9-bd50-4f1f-861d-99a6950d210f",
"indicator--591d56aa-74dc-4c8e-a999-c516950d210f",
"indicator--591d56ab-0ad0-4d34-8554-99a0950d210f",
"indicator--591d56ab-d324-40da-aa6c-c522950d210f",
"indicator--591d56ac-2120-4a85-ba45-c520950d210f",
"indicator--591d56ad-fd60-4967-9f00-c50f950d210f",
"indicator--591d56ae-67a0-4b6d-b09b-c516950d210f",
"indicator--591d56af-ddb0-46ff-a49c-a005950d210f",
"indicator--591d56b0-2ee0-44b9-bb32-99a6950d210f",
"indicator--591d56b1-b190-4be1-a470-c51a950d210f",
"indicator--591d56b2-e3d8-457f-aee1-c516950d210f",
"indicator--591d56b5-37f0-4960-9a3d-c50f950d210f",
"observed-data--591d56b5-9bdc-4bc7-85ef-c51f950d210f",
"url--591d56b5-9bdc-4bc7-85ef-c51f950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Jaff\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d566e-62ec-4abd-afc7-99a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:14.000Z",
"modified": "2017-05-18T08:08:14.000Z",
"pattern": "[file:hashes.MD5 = '716165fb5e07ecc95d45e8761b10ab30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d566f-19f4-4248-8fcb-c522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:15.000Z",
"modified": "2017-05-18T08:08:15.000Z",
"pattern": "[file:hashes.MD5 = 'f3d9b2cb51e81d12ff3d5faaca231041']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d566f-652c-4398-8074-c520950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:15.000Z",
"modified": "2017-05-18T08:08:15.000Z",
"pattern": "[file:hashes.MD5 = '3f6c1a2735a8595cb1b03260bec9cb1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5670-d1d8-4260-8674-c51c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:16.000Z",
"modified": "2017-05-18T08:08:16.000Z",
"pattern": "[file:hashes.MD5 = '14d05276125e70d43e710ef186261c95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5671-0dec-43e6-9433-a001950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:17.000Z",
"modified": "2017-05-18T08:08:17.000Z",
"pattern": "[file:hashes.SHA256 = '86061f2ae8ba5250c38f20070ba446513918c23dfe35f0670ae555910a94c181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5672-5a04-495b-94ef-99a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:18.000Z",
"modified": "2017-05-18T08:08:18.000Z",
"pattern": "[url:value = 'http://bbz-regeling.nl/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5673-d418-4ebc-bd4d-99a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:19.000Z",
"modified": "2017-05-18T08:08:19.000Z",
"pattern": "[domain-name:value = 'bbz-regeling.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5673-5ff8-47f0-80d3-c51f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:19.000Z",
"modified": "2017-05-18T08:08:19.000Z",
"description": "bbz-regeling.nl",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.87.184.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5674-c140-4f6e-bb6a-c525950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:20.000Z",
"modified": "2017-05-18T08:08:20.000Z",
"pattern": "[url:value = 'http://blackempire.it/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5675-f1b4-4ea5-8309-c518950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:21.000Z",
"modified": "2017-05-18T08:08:21.000Z",
"pattern": "[domain-name:value = 'blackempire.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5676-3edc-4315-b274-c520950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:22.000Z",
"modified": "2017-05-18T08:08:22.000Z",
"description": "blackempire.it",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.18.226.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5677-5d30-464f-9cae-99a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:23.000Z",
"modified": "2017-05-18T08:08:23.000Z",
"pattern": "[url:value = 'http://diytp.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5678-a17c-4409-839d-c516950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:24.000Z",
"modified": "2017-05-18T08:08:24.000Z",
"pattern": "[domain-name:value = 'diytp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d567a-f30c-4d86-98a5-c525950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:26.000Z",
"modified": "2017-05-18T08:08:26.000Z",
"description": "diytp.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.115.89.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d567b-8ef4-432c-9d56-c524950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:27.000Z",
"modified": "2017-05-18T08:08:27.000Z",
"pattern": "[url:value = 'http://doppellutz.de/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d567c-df8c-4725-9176-c520950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:28.000Z",
"modified": "2017-05-18T08:08:28.000Z",
"pattern": "[domain-name:value = 'doppellutz.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d567c-9e1c-48a2-a284-a005950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:28.000Z",
"modified": "2017-05-18T08:08:28.000Z",
"description": "doppellutz.de",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d567d-9648-4540-9fda-c51f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:29.000Z",
"modified": "2017-05-18T08:08:29.000Z",
"pattern": "[url:value = 'http://easternmas.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d567e-c210-4045-899b-c50f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:30.000Z",
"modified": "2017-05-18T08:08:30.000Z",
"pattern": "[domain-name:value = 'easternmas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d567f-5a6c-4ab4-b74f-9f28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:31.000Z",
"modified": "2017-05-18T08:08:31.000Z",
"description": "easternmas.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.121.5.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d567f-0bf4-4c9b-bd65-c522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:31.000Z",
"modified": "2017-05-18T08:08:31.000Z",
"pattern": "[url:value = 'http://edazhu.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5680-b5c0-4717-93d9-c525950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:32.000Z",
"modified": "2017-05-18T08:08:32.000Z",
"pattern": "[domain-name:value = 'edazhu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5681-c820-4a67-9e6e-c51c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:33.000Z",
"modified": "2017-05-18T08:08:33.000Z",
"description": "edazhu.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.149.239.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5682-65ec-49eb-828e-99a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:34.000Z",
"modified": "2017-05-18T08:08:34.000Z",
"pattern": "[url:value = 'http://estimatingservicesinc.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5683-2460-40df-9bc5-a005950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:35.000Z",
"modified": "2017-05-18T08:08:35.000Z",
"pattern": "[domain-name:value = 'estimatingservicesinc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5684-da58-47dc-b71c-9f28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:36.000Z",
"modified": "2017-05-18T08:08:36.000Z",
"description": "estimatingservicesinc.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.166.6.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5684-3590-4187-b67a-c516950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:36.000Z",
"modified": "2017-05-18T08:08:36.000Z",
"pattern": "[url:value = 'http://evasalome.nl/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5685-2d9c-425a-8675-c51a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:37.000Z",
"modified": "2017-05-18T08:08:37.000Z",
"pattern": "[domain-name:value = 'evasalome.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5686-cba4-4688-a059-c524950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:38.000Z",
"modified": "2017-05-18T08:08:38.000Z",
"description": "evasalome.nl",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.213.164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5687-8ec4-4fdf-bf9c-c51c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:39.000Z",
"modified": "2017-05-18T08:08:39.000Z",
"pattern": "[url:value = 'http://herrossoidffr6644qa.top/af/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5687-c398-4836-9aba-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:39.000Z",
"modified": "2017-05-18T08:08:39.000Z",
"pattern": "[domain-name:value = 'herrossoidffr6644qa.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5689-fb50-41a1-9c4e-c522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:41.000Z",
"modified": "2017-05-18T08:08:41.000Z",
"description": "herrossoidffr6644qa.top",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '34.209.214.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5689-f07c-460a-a550-c51a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:41.000Z",
"modified": "2017-05-18T08:08:41.000Z",
"pattern": "[url:value = 'http://kezakotheatre.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d568a-efe8-466d-9d75-a001950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:42.000Z",
"modified": "2017-05-18T08:08:42.000Z",
"pattern": "[domain-name:value = 'kezakotheatre.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d568b-8fc0-4477-b23f-99a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:43.000Z",
"modified": "2017-05-18T08:08:43.000Z",
"description": "kezakotheatre.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.88.57.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d568c-5480-445f-a906-99a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:44.000Z",
"modified": "2017-05-18T08:08:44.000Z",
"pattern": "[url:value = 'http://monowheels.ru/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d568c-be8c-4963-8ff3-a005950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:44.000Z",
"modified": "2017-05-18T08:08:44.000Z",
"pattern": "[domain-name:value = 'monowheels.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d568d-0eac-4d4c-bd6e-a004950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:45.000Z",
"modified": "2017-05-18T08:08:45.000Z",
"description": "monowheels.ru",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.162.100.191']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d568e-7604-4e46-b09a-c522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:46.000Z",
"modified": "2017-05-18T08:08:46.000Z",
"pattern": "[url:value = 'http://oylumsut.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d568f-e164-46d5-b8e8-c525950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:47.000Z",
"modified": "2017-05-18T08:08:47.000Z",
"pattern": "[domain-name:value = 'oylumsut.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5690-1d74-450c-a151-c524950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:48.000Z",
"modified": "2017-05-18T08:08:48.000Z",
"description": "oylumsut.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.230.111.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5690-f610-4604-9929-c523950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:48.000Z",
"modified": "2017-05-18T08:08:48.000Z",
"pattern": "[url:value = 'http://peryskop.biz/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5691-80c8-4e0d-90af-99a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:49.000Z",
"modified": "2017-05-18T08:08:49.000Z",
"pattern": "[domain-name:value = 'peryskop.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5692-4e4c-4071-890e-c51c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:50.000Z",
"modified": "2017-05-18T08:08:50.000Z",
"description": "peryskop.biz",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.43.113.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5693-4c1c-40a4-83b6-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:51.000Z",
"modified": "2017-05-18T08:08:51.000Z",
"pattern": "[url:value = 'http://pta-babel.net/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5693-d028-44a4-94a9-9f28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:51.000Z",
"modified": "2017-05-18T08:08:51.000Z",
"pattern": "[domain-name:value = 'pta-babel.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5695-5f28-40b5-9d2b-c525950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:53.000Z",
"modified": "2017-05-18T08:08:53.000Z",
"description": "pta-babel.net",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.247.9.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5695-ed38-41e4-a25d-c523950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:53.000Z",
"modified": "2017-05-18T08:08:53.000Z",
"pattern": "[url:value = 'http://sjffonrvcik45bd.info/af/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5697-ae14-41fc-99e4-99a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:55.000Z",
"modified": "2017-05-18T08:08:55.000Z",
"pattern": "[domain-name:value = 'sjffonrvcik45bd.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5698-6bc8-48cc-8a2f-c50f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:56.000Z",
"modified": "2017-05-18T08:08:56.000Z",
"pattern": "[url:value = 'http://taure.cz/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d5699-23c4-43df-9757-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:57.000Z",
"modified": "2017-05-18T08:08:57.000Z",
"pattern": "[domain-name:value = 'taure.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d569a-04d0-4f56-ae42-c522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:58.000Z",
"modified": "2017-05-18T08:08:58.000Z",
"description": "taure.cz",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.185.104.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d569b-e098-4072-ae21-c523950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:59.000Z",
"modified": "2017-05-18T08:08:59.000Z",
"pattern": "[url:value = 'http://tenda.it/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d569b-f564-482b-90ab-c51f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:08:59.000Z",
"modified": "2017-05-18T08:08:59.000Z",
"pattern": "[domain-name:value = 'tenda.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:08:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d569c-1cb8-4be4-9169-99a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:00.000Z",
"modified": "2017-05-18T08:09:00.000Z",
"description": "tenda.it",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.159.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d569d-2cc0-4494-8c0f-9f28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:01.000Z",
"modified": "2017-05-18T08:09:01.000Z",
"pattern": "[url:value = 'http://texaslandandlifestyle.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d569e-bcec-42ff-9653-c522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:02.000Z",
"modified": "2017-05-18T08:09:02.000Z",
"pattern": "[domain-name:value = 'texaslandandlifestyle.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d569f-7540-44c6-a46a-99a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:03.000Z",
"modified": "2017-05-18T08:09:03.000Z",
"description": "texaslandandlifestyle.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.154.161.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56a0-3c60-4b15-82d4-a005950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:04.000Z",
"modified": "2017-05-18T08:09:04.000Z",
"description": "texaslandandlifestyle.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.154.168.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56a1-71c0-499d-a32d-9f28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:05.000Z",
"modified": "2017-05-18T08:09:05.000Z",
"pattern": "[url:value = 'http://tvapps.ir/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56a3-f300-45b3-97b8-c522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:07.000Z",
"modified": "2017-05-18T08:09:07.000Z",
"pattern": "[domain-name:value = 'tvapps.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56a6-1ef4-4f60-ad3f-99a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:10.000Z",
"modified": "2017-05-18T08:09:10.000Z",
"description": "tvapps.ir",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.61.25.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56a6-fb98-44c0-8ff2-a004950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:10.000Z",
"modified": "2017-05-18T08:09:10.000Z",
"pattern": "[url:value = 'http://unykmodels.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56a7-b498-4f2c-94a2-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:11.000Z",
"modified": "2017-05-18T08:09:11.000Z",
"pattern": "[domain-name:value = 'unykmodels.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56a8-3b6c-47d0-8804-c525950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:12.000Z",
"modified": "2017-05-18T08:09:12.000Z",
"description": "unykmodels.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '143.95.74.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56a9-bd50-4f1f-861d-99a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:13.000Z",
"modified": "2017-05-18T08:09:13.000Z",
"pattern": "[url:value = 'http://westprod.fr/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56aa-74dc-4c8e-a999-c516950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:14.000Z",
"modified": "2017-05-18T08:09:14.000Z",
"pattern": "[domain-name:value = 'westprod.fr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56ab-0ad0-4d34-8554-99a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:15.000Z",
"modified": "2017-05-18T08:09:15.000Z",
"description": "westprod.fr",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.246.39.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56ab-d324-40da-aa6c-c522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:15.000Z",
"modified": "2017-05-18T08:09:15.000Z",
"pattern": "[url:value = 'http://ws500.net/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56ac-2120-4a85-ba45-c520950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:16.000Z",
"modified": "2017-05-18T08:09:16.000Z",
"pattern": "[domain-name:value = 'ws500.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56ad-fd60-4967-9f00-c50f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:17.000Z",
"modified": "2017-05-18T08:09:17.000Z",
"description": "ws500.net",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.19.169.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56ae-67a0-4b6d-b09b-c516950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:18.000Z",
"modified": "2017-05-18T08:09:18.000Z",
"pattern": "[url:value = 'http://wxklfy.com/hjt67t']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56af-ddb0-46ff-a49c-a005950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:19.000Z",
"modified": "2017-05-18T08:09:19.000Z",
"pattern": "[domain-name:value = 'wxklfy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56b0-2ee0-44b9-bb32-99a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:20.000Z",
"modified": "2017-05-18T08:09:20.000Z",
"description": "wxklfy.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.224.248.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56b1-b190-4be1-a470-c51a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:21.000Z",
"modified": "2017-05-18T08:09:21.000Z",
"pattern": "[url:value = 'http://eesiiuroffde445.com/a5/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56b2-e3d8-457f-aee1-c516950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:22.000Z",
"modified": "2017-05-18T08:09:22.000Z",
"pattern": "[domain-name:value = 'eesiiuroffde445.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591d56b5-37f0-4960-9a3d-c50f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:25.000Z",
"modified": "2017-05-18T08:09:25.000Z",
"description": "eesiiuroffde445.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.91.107.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-18T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--591d56b5-9bdc-4bc7-85ef-c51f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T08:09:25.000Z",
"modified": "2017-05-18T08:09:25.000Z",
"first_observed": "2017-05-18T08:09:25Z",
"last_observed": "2017-05-18T08:09:25Z",
"number_observed": 1,
"object_refs": [
"url--591d56b5-9bdc-4bc7-85ef-c51f950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--591d56b5-9bdc-4bc7-85ef-c51f950d210f",
"value": "https://www.virustotal.com/en/url/86061f2ae8ba5250c38f20070ba446513918c23dfe35f0670ae555910a94c181/analysis/1495024235/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink