{
|
|
"type": "bundle",
|
|
"id": "bundle--596f5959-4fd4-4d5c-9878-46e3950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:52.000Z",
|
|
"modified": "2017-07-19T13:20:52.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--596f5959-4fd4-4d5c-9878-46e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:52.000Z",
|
|
"modified": "2017-07-19T13:20:52.000Z",
|
|
"name": "M2M - Trickbot 2017-07-19 : mac1 : \"12345678 - True\n Telecom Invoice for June 2017\" - \"2017-06-Bill.PDF\"",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"indicator--596f5959-5868-4caf-b7cc-4b21950d210f",
|
|
"indicator--596f595a-9750-40b7-870c-4445950d210f",
|
|
"indicator--596f595a-b2e0-4390-9955-4fb5950d210f",
|
|
"indicator--596f595a-d1ac-4178-ae43-4f59950d210f",
|
|
"observed-data--596f595b-3ad8-4f64-b362-4170950d210f",
|
|
"network-traffic--596f595b-3ad8-4f64-b362-4170950d210f",
|
|
"ipv4-addr--596f595b-3ad8-4f64-b362-4170950d210f",
|
|
"indicator--596f595b-dc3c-43c8-9214-178c950d210f",
|
|
"indicator--596f595b-cbbc-41ed-9dfd-4cc5950d210f",
|
|
"observed-data--596f595b-3680-41f5-8c88-4d3c950d210f",
|
|
"network-traffic--596f595b-3680-41f5-8c88-4d3c950d210f",
|
|
"ipv4-addr--596f595b-3680-41f5-8c88-4d3c950d210f",
|
|
"observed-data--596f595b-ce14-4638-80f9-19ef950d210f",
|
|
"network-traffic--596f595b-ce14-4638-80f9-19ef950d210f",
|
|
"ipv4-addr--596f595b-ce14-4638-80f9-19ef950d210f",
|
|
"indicator--596f595b-e4f8-40ee-a785-47e0950d210f",
|
|
"indicator--596f595c-8394-4c57-9148-4190950d210f",
|
|
"observed-data--596f595c-85e8-493d-b029-1864950d210f",
|
|
"network-traffic--596f595c-85e8-493d-b029-1864950d210f",
|
|
"ipv4-addr--596f595c-85e8-493d-b029-1864950d210f",
|
|
"indicator--596f595c-24a0-4abd-9083-447e950d210f",
|
|
"indicator--596f595d-349c-491d-bdc7-1ab5950d210f",
|
|
"observed-data--596f595d-9be4-4c27-b5e5-4821950d210f",
|
|
"network-traffic--596f595d-9be4-4c27-b5e5-4821950d210f",
|
|
"ipv4-addr--596f595d-9be4-4c27-b5e5-4821950d210f",
|
|
"indicator--596f595d-6b0c-4497-8139-1859950d210f",
|
|
"indicator--596f595d-75ac-4540-8ff9-4556950d210f",
|
|
"observed-data--596f595e-1bc0-4bd8-a52a-472d950d210f",
|
|
"network-traffic--596f595e-1bc0-4bd8-a52a-472d950d210f",
|
|
"ipv4-addr--596f595e-1bc0-4bd8-a52a-472d950d210f",
|
|
"indicator--596f595e-7828-44d4-a1e3-461c950d210f",
|
|
"indicator--596f595e-166c-4a87-b7a7-4ef7950d210f",
|
|
"observed-data--596f595e-ebb8-4e8b-9604-4516950d210f",
|
|
"network-traffic--596f595e-ebb8-4e8b-9604-4516950d210f",
|
|
"ipv4-addr--596f595e-ebb8-4e8b-9604-4516950d210f",
|
|
"indicator--596f595f-63ac-41a6-8551-4ec8950d210f",
|
|
"indicator--596f595f-3c14-48d1-8935-178c950d210f",
|
|
"observed-data--596f595f-1ee8-48bc-8a13-4acf950d210f",
|
|
"network-traffic--596f595f-1ee8-48bc-8a13-4acf950d210f",
|
|
"ipv4-addr--596f595f-1ee8-48bc-8a13-4acf950d210f",
|
|
"indicator--596f595f-5ce0-47a4-abe1-45fb950d210f",
|
|
"indicator--596f595f-74d0-47f0-b044-47ec950d210f",
|
|
"observed-data--596f5960-5c48-4639-bc5d-44af950d210f",
|
|
"network-traffic--596f5960-5c48-4639-bc5d-44af950d210f",
|
|
"ipv4-addr--596f5960-5c48-4639-bc5d-44af950d210f",
|
|
"indicator--596f5960-6ae4-4f2d-84b0-43d0950d210f",
|
|
"indicator--596f5960-5a40-404e-85b7-1ab5950d210f",
|
|
"observed-data--596f5960-2c88-40a8-b84c-48e3950d210f",
|
|
"network-traffic--596f5960-2c88-40a8-b84c-48e3950d210f",
|
|
"ipv4-addr--596f5960-2c88-40a8-b84c-48e3950d210f",
|
|
"indicator--596f5961-f850-41ef-8171-1859950d210f",
|
|
"indicator--596f5961-6cb4-413f-b7f4-49d4950d210f",
|
|
"observed-data--596f5961-cda0-4f62-9340-4f91950d210f",
|
|
"network-traffic--596f5961-cda0-4f62-9340-4f91950d210f",
|
|
"ipv4-addr--596f5961-cda0-4f62-9340-4f91950d210f",
|
|
"observed-data--596f5961-64b8-4c73-ab2c-4584950d210f",
|
|
"network-traffic--596f5961-64b8-4c73-ab2c-4584950d210f",
|
|
"ipv4-addr--596f5961-64b8-4c73-ab2c-4584950d210f",
|
|
"indicator--596f5962-6b28-4ac6-89f3-4368950d210f",
|
|
"indicator--596f5962-0a6c-4216-bba3-4853950d210f",
|
|
"observed-data--596f5963-47b0-4b55-a119-495c950d210f",
|
|
"network-traffic--596f5963-47b0-4b55-a119-495c950d210f",
|
|
"ipv4-addr--596f5963-47b0-4b55-a119-495c950d210f",
|
|
"indicator--596f5963-5a3c-4baa-a563-178c950d210f",
|
|
"indicator--596f5963-af3c-4b39-924b-435c950d210f",
|
|
"observed-data--596f5964-3cb8-4781-a270-4eec950d210f",
|
|
"network-traffic--596f5964-3cb8-4781-a270-4eec950d210f",
|
|
"ipv4-addr--596f5964-3cb8-4781-a270-4eec950d210f",
|
|
"indicator--596f5964-2760-4661-a3ec-19ef950d210f",
|
|
"indicator--596f5964-b6e0-40e6-a2ab-4f4e950d210f",
|
|
"observed-data--596f5964-cf84-462d-9f0e-4686950d210f",
|
|
"network-traffic--596f5964-cf84-462d-9f0e-4686950d210f",
|
|
"ipv4-addr--596f5964-cf84-462d-9f0e-4686950d210f",
|
|
"indicator--596f5964-9ff4-4379-9d8b-4183950d210f",
|
|
"indicator--596f5964-b7cc-40f5-9713-1ab5950d210f",
|
|
"observed-data--596f5966-31a8-45b6-8ebd-4b6d950d210f",
|
|
"network-traffic--596f5966-31a8-45b6-8ebd-4b6d950d210f",
|
|
"ipv4-addr--596f5966-31a8-45b6-8ebd-4b6d950d210f",
|
|
"indicator--596f5966-32c8-4110-a18e-1859950d210f",
|
|
"indicator--596f5966-5550-4a73-89a6-44e5950d210f",
|
|
"observed-data--596f5967-d0ac-4c4b-a200-458c950d210f",
|
|
"network-traffic--596f5967-d0ac-4c4b-a200-458c950d210f",
|
|
"ipv4-addr--596f5967-d0ac-4c4b-a200-458c950d210f",
|
|
"indicator--596f5967-706c-4539-a3cb-43eb950d210f",
|
|
"indicator--596f5967-4fb0-4068-9d62-4006950d210f",
|
|
"observed-data--596f5967-a298-4c46-bb52-4723950d210f",
|
|
"network-traffic--596f5967-a298-4c46-bb52-4723950d210f",
|
|
"ipv4-addr--596f5967-a298-4c46-bb52-4723950d210f",
|
|
"indicator--596f5967-089c-4a6d-9208-178c950d210f",
|
|
"indicator--596f5968-ff38-48af-9b74-4286950d210f",
|
|
"observed-data--596f5968-291c-468a-b300-1a21950d210f",
|
|
"network-traffic--596f5968-291c-468a-b300-1a21950d210f",
|
|
"ipv4-addr--596f5968-291c-468a-b300-1a21950d210f",
|
|
"indicator--596f5969-3f80-41a7-8272-4dd5950d210f",
|
|
"indicator--596f5969-4990-48bc-aaff-19ef950d210f",
|
|
"observed-data--596f5969-96d8-43a4-8c1b-4e34950d210f",
|
|
"network-traffic--596f5969-96d8-43a4-8c1b-4e34950d210f",
|
|
"ipv4-addr--596f5969-96d8-43a4-8c1b-4e34950d210f",
|
|
"indicator--596f5969-f580-4154-b53e-434a950d210f",
|
|
"indicator--596f5969-7684-45ea-b543-47ab950d210f",
|
|
"observed-data--596f596a-96dc-4338-8e9e-1ab5950d210f",
|
|
"network-traffic--596f596a-96dc-4338-8e9e-1ab5950d210f",
|
|
"ipv4-addr--596f596a-96dc-4338-8e9e-1ab5950d210f",
|
|
"indicator--596f596a-52dc-4e35-9e84-49a7950d210f",
|
|
"indicator--596f596a-61d4-497d-af65-1859950d210f",
|
|
"observed-data--596f596b-4ae4-403d-a4d0-4b5d950d210f",
|
|
"network-traffic--596f596b-4ae4-403d-a4d0-4b5d950d210f",
|
|
"ipv4-addr--596f596b-4ae4-403d-a4d0-4b5d950d210f",
|
|
"indicator--596f596c-a400-4a21-a2ee-4a40950d210f",
|
|
"indicator--596f596c-4888-47f8-8c81-482d950d210f",
|
|
"observed-data--596f596c-63c4-4e9c-bf95-419e950d210f",
|
|
"network-traffic--596f596c-63c4-4e9c-bf95-419e950d210f",
|
|
"ipv4-addr--596f596c-63c4-4e9c-bf95-419e950d210f",
|
|
"indicator--596f596c-3f30-4d54-a22d-4827950d210f",
|
|
"indicator--596f596c-46c8-47d5-8187-178c950d210f",
|
|
"observed-data--596f596c-c830-4ca4-80d8-4464950d210f",
|
|
"network-traffic--596f596c-c830-4ca4-80d8-4464950d210f",
|
|
"ipv4-addr--596f596c-c830-4ca4-80d8-4464950d210f",
|
|
"indicator--596f596d-c9a8-4b82-b8f9-1a21950d210f",
|
|
"indicator--596f596d-484c-4ff0-8649-488f950d210f",
|
|
"observed-data--596f596d-ea68-448a-9bc7-19ef950d210f",
|
|
"network-traffic--596f596d-ea68-448a-9bc7-19ef950d210f",
|
|
"ipv4-addr--596f596d-ea68-448a-9bc7-19ef950d210f",
|
|
"indicator--596f596d-eb1c-4e1b-9979-41ba950d210f",
|
|
"indicator--596f596d-01c0-46b4-9ad1-4d40950d210f",
|
|
"observed-data--596f596e-fa2c-4003-ab66-44b7950d210f",
|
|
"network-traffic--596f596e-fa2c-4003-ab66-44b7950d210f",
|
|
"ipv4-addr--596f596e-fa2c-4003-ab66-44b7950d210f",
|
|
"indicator--596f596e-99e4-4232-b19c-1ab5950d210f",
|
|
"indicator--596f596e-ca2c-4fd9-a99e-4679950d210f",
|
|
"observed-data--596f596f-4814-4764-9550-1859950d210f",
|
|
"network-traffic--596f596f-4814-4764-9550-1859950d210f",
|
|
"ipv4-addr--596f596f-4814-4764-9550-1859950d210f",
|
|
"indicator--596f596f-cb50-4198-ab06-4699950d210f",
|
|
"indicator--596f596f-0a08-4d60-82d6-453b950d210f",
|
|
"observed-data--596f5970-d804-41c1-8be9-42ea950d210f",
|
|
"network-traffic--596f5970-d804-41c1-8be9-42ea950d210f",
|
|
"ipv4-addr--596f5970-d804-41c1-8be9-42ea950d210f",
|
|
"indicator--596f5970-4e1c-4493-ac0a-41d9950d210f",
|
|
"indicator--596f5970-e8bc-49da-becc-4875950d210f",
|
|
"observed-data--596f5970-c6a8-47ac-b332-178c950d210f",
|
|
"network-traffic--596f5970-c6a8-47ac-b332-178c950d210f",
|
|
"ipv4-addr--596f5970-c6a8-47ac-b332-178c950d210f",
|
|
"indicator--596f5971-10f4-4f94-af5a-4a72950d210f",
|
|
"indicator--596f5971-7314-44e1-a767-1a21950d210f",
|
|
"observed-data--596f5971-a4ac-41b9-84c4-417c950d210f",
|
|
"network-traffic--596f5971-a4ac-41b9-84c4-417c950d210f",
|
|
"ipv4-addr--596f5971-a4ac-41b9-84c4-417c950d210f",
|
|
"indicator--596f5971-42f0-49da-ab6c-19ef950d210f",
|
|
"indicator--596f5971-64a0-44b9-95a7-4048950d210f",
|
|
"observed-data--596f5974-05c8-46bd-9014-4d6a950d210f",
|
|
"network-traffic--596f5974-05c8-46bd-9014-4d6a950d210f",
|
|
"ipv4-addr--596f5974-05c8-46bd-9014-4d6a950d210f",
|
|
"indicator--596f5974-fea8-469d-8f97-4641950d210f",
|
|
"indicator--596f5974-3f34-4c9c-bbef-1ab5950d210f",
|
|
"observed-data--596f5976-c8d8-403d-b7f2-4a1f950d210f",
|
|
"network-traffic--596f5976-c8d8-403d-b7f2-4a1f950d210f",
|
|
"ipv4-addr--596f5976-c8d8-403d-b7f2-4a1f950d210f",
|
|
"indicator--596f5976-316c-42cc-bd53-48f0950d210f",
|
|
"indicator--596f5976-5664-42c0-8fdb-1859950d210f",
|
|
"observed-data--596f5977-ed44-4271-b987-453e950d210f",
|
|
"network-traffic--596f5977-ed44-4271-b987-453e950d210f",
|
|
"ipv4-addr--596f5977-ed44-4271-b987-453e950d210f",
|
|
"indicator--596f5977-4794-43cd-bdd6-4d02950d210f",
|
|
"indicator--596f5977-33f4-4a98-ae71-4d77950d210f",
|
|
"observed-data--596f5977-cf04-4a91-b095-491b950d210f",
|
|
"network-traffic--596f5977-cf04-4a91-b095-491b950d210f",
|
|
"ipv4-addr--596f5977-cf04-4a91-b095-491b950d210f",
|
|
"indicator--596f5978-0c14-4c17-b6ed-4323950d210f",
|
|
"indicator--596f5978-5504-4237-9701-178c950d210f",
|
|
"observed-data--596f5978-d1bc-4992-a0b3-4ec8950d210f",
|
|
"network-traffic--596f5978-d1bc-4992-a0b3-4ec8950d210f",
|
|
"ipv4-addr--596f5978-d1bc-4992-a0b3-4ec8950d210f",
|
|
"indicator--596f5978-ac20-42cf-8815-1a21950d210f",
|
|
"indicator--596f5978-7a8c-4f79-b36b-4092950d210f",
|
|
"indicator--596f5979-60c8-4734-bba1-4a02950d210f",
|
|
"indicator--596f5979-f7bc-4756-8d9f-4161950d210f",
|
|
"observed-data--596f5979-dc74-4550-bffb-407a950d210f",
|
|
"network-traffic--596f5979-dc74-4550-bffb-407a950d210f",
|
|
"ipv4-addr--596f5979-dc74-4550-bffb-407a950d210f",
|
|
"indicator--596f5979-18b4-49d8-a955-42c6950d210f",
|
|
"indicator--596f5979-2b00-40e3-a588-1ab5950d210f",
|
|
"observed-data--596f597a-1b80-415d-b14b-4ed2950d210f",
|
|
"network-traffic--596f597a-1b80-415d-b14b-4ed2950d210f",
|
|
"ipv4-addr--596f597a-1b80-415d-b14b-4ed2950d210f",
|
|
"indicator--596f597a-f9d0-4b26-9482-1859950d210f",
|
|
"indicator--596f597a-6fec-484b-9b8a-44be950d210f",
|
|
"observed-data--596f597b-c818-4075-a445-42d6950d210f",
|
|
"network-traffic--596f597b-c818-4075-a445-42d6950d210f",
|
|
"ipv4-addr--596f597b-c818-4075-a445-42d6950d210f",
|
|
"indicator--596f597b-c410-4ed8-8509-4293950d210f",
|
|
"indicator--596f597b-1374-4e3f-94df-4fe0950d210f",
|
|
"observed-data--596f597b-bae4-4892-bce0-178c950d210f",
|
|
"network-traffic--596f597b-bae4-4892-bce0-178c950d210f",
|
|
"ipv4-addr--596f597b-bae4-4892-bce0-178c950d210f",
|
|
"observed-data--596f597b-0b44-4056-b97e-4bff950d210f",
|
|
"network-traffic--596f597b-0b44-4056-b97e-4bff950d210f",
|
|
"ipv4-addr--596f597b-0b44-4056-b97e-4bff950d210f",
|
|
"observed-data--596f597b-1028-40b1-aec7-1a21950d210f",
|
|
"network-traffic--596f597b-1028-40b1-aec7-1a21950d210f",
|
|
"ipv4-addr--596f597b-1028-40b1-aec7-1a21950d210f",
|
|
"observed-data--596f597c-a210-458a-aa84-402b950d210f",
|
|
"network-traffic--596f597c-a210-458a-aa84-402b950d210f",
|
|
"ipv4-addr--596f597c-a210-458a-aa84-402b950d210f",
|
|
"observed-data--596f597c-c630-4ca8-84bf-19ef950d210f",
|
|
"network-traffic--596f597c-c630-4ca8-84bf-19ef950d210f",
|
|
"ipv4-addr--596f597c-c630-4ca8-84bf-19ef950d210f",
|
|
"observed-data--596f597c-a794-4075-a768-4658950d210f",
|
|
"network-traffic--596f597c-a794-4075-a768-4658950d210f",
|
|
"ipv4-addr--596f597c-a794-4075-a768-4658950d210f",
|
|
"observed-data--596f597c-27e0-4e79-8853-4668950d210f",
|
|
"network-traffic--596f597c-27e0-4e79-8853-4668950d210f",
|
|
"ipv4-addr--596f597c-27e0-4e79-8853-4668950d210f",
|
|
"observed-data--596f597d-1930-44a9-a767-4a31950d210f",
|
|
"network-traffic--596f597d-1930-44a9-a767-4a31950d210f",
|
|
"ipv4-addr--596f597d-1930-44a9-a767-4a31950d210f",
|
|
"observed-data--596f597d-b3a4-47b6-a332-49f6950d210f",
|
|
"network-traffic--596f597d-b3a4-47b6-a332-49f6950d210f",
|
|
"ipv4-addr--596f597d-b3a4-47b6-a332-49f6950d210f",
|
|
"observed-data--596f597d-ff7c-48ad-8829-1ab5950d210f",
|
|
"network-traffic--596f597d-ff7c-48ad-8829-1ab5950d210f",
|
|
"ipv4-addr--596f597d-ff7c-48ad-8829-1ab5950d210f",
|
|
"observed-data--596f597d-6b74-405f-9ca3-4931950d210f",
|
|
"network-traffic--596f597d-6b74-405f-9ca3-4931950d210f",
|
|
"ipv4-addr--596f597d-6b74-405f-9ca3-4931950d210f",
|
|
"observed-data--596f597e-7080-4cdf-9aee-4387950d210f",
|
|
"network-traffic--596f597e-7080-4cdf-9aee-4387950d210f",
|
|
"ipv4-addr--596f597e-7080-4cdf-9aee-4387950d210f",
|
|
"observed-data--596f597e-8ef0-43ef-a592-1859950d210f",
|
|
"network-traffic--596f597e-8ef0-43ef-a592-1859950d210f",
|
|
"ipv4-addr--596f597e-8ef0-43ef-a592-1859950d210f",
|
|
"observed-data--596f597e-ca90-4f9a-9c09-4a37950d210f",
|
|
"network-traffic--596f597e-ca90-4f9a-9c09-4a37950d210f",
|
|
"ipv4-addr--596f597e-ca90-4f9a-9c09-4a37950d210f",
|
|
"observed-data--596f597e-187c-4910-a4e9-4372950d210f",
|
|
"network-traffic--596f597e-187c-4910-a4e9-4372950d210f",
|
|
"ipv4-addr--596f597e-187c-4910-a4e9-4372950d210f",
|
|
"observed-data--596f597f-7308-442a-8491-44fe950d210f",
|
|
"network-traffic--596f597f-7308-442a-8491-44fe950d210f",
|
|
"ipv4-addr--596f597f-7308-442a-8491-44fe950d210f",
|
|
"observed-data--596f597f-e590-4a9d-b7ef-4a75950d210f",
|
|
"network-traffic--596f597f-e590-4a9d-b7ef-4a75950d210f",
|
|
"ipv4-addr--596f597f-e590-4a9d-b7ef-4a75950d210f",
|
|
"observed-data--596f597f-0a60-475c-a891-178c950d210f",
|
|
"network-traffic--596f597f-0a60-475c-a891-178c950d210f",
|
|
"ipv4-addr--596f597f-0a60-475c-a891-178c950d210f",
|
|
"indicator--596f5cac-8374-4e01-bb15-186302de0b81",
|
|
"indicator--596f5cac-9c14-4d0d-ba3a-186302de0b81",
|
|
"observed-data--596f5cac-7ff8-4593-9c66-186302de0b81",
|
|
"url--596f5cac-7ff8-4593-9c66-186302de0b81",
|
|
"indicator--596f5cac-d6d8-48ac-bcfd-186302de0b81",
|
|
"indicator--596f5cac-b6d4-4bbd-8796-186302de0b81",
|
|
"observed-data--596f5cac-a2a4-4ffa-b041-186302de0b81",
|
|
"url--596f5cac-a2a4-4ffa-b041-186302de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:tool=\"Trick Bot\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5959-5868-4caf-b7cc-4b21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = '89eae47c0fe12a7409dc42304dbb737f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595a-9750-40b7-870c-4445950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f9650f8f6d8953dbfef206a4783cdd56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595a-b2e0-4390-9955-4fb5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://aarontax.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595a-d1ac-4178-ae43-4f59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'aarontax.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f595b-3ad8-4f64-b362-4170950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f595b-3ad8-4f64-b362-4170950d210f",
|
|
"ipv4-addr--596f595b-3ad8-4f64-b362-4170950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f595b-3ad8-4f64-b362-4170950d210f",
|
|
"dst_ref": "ipv4-addr--596f595b-3ad8-4f64-b362-4170950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f595b-3ad8-4f64-b362-4170950d210f",
|
|
"value": "107.180.2.55"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595b-dc3c-43c8-9214-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://aromozames.ru/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595b-cbbc-41ed-9dfd-4cc5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'aromozames.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f595b-3680-41f5-8c88-4d3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f595b-3680-41f5-8c88-4d3c950d210f",
|
|
"ipv4-addr--596f595b-3680-41f5-8c88-4d3c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f595b-3680-41f5-8c88-4d3c950d210f",
|
|
"dst_ref": "ipv4-addr--596f595b-3680-41f5-8c88-4d3c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f595b-3680-41f5-8c88-4d3c950d210f",
|
|
"value": "193.124.183.74"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f595b-ce14-4638-80f9-19ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f595b-ce14-4638-80f9-19ef950d210f",
|
|
"ipv4-addr--596f595b-ce14-4638-80f9-19ef950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f595b-ce14-4638-80f9-19ef950d210f",
|
|
"dst_ref": "ipv4-addr--596f595b-ce14-4638-80f9-19ef950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f595b-ce14-4638-80f9-19ef950d210f",
|
|
"value": "193.124.188.89"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595b-e4f8-40ee-a785-47e0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://atlon-mebel.ru/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595c-8394-4c57-9148-4190950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'atlon-mebel.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f595c-85e8-493d-b029-1864950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f595c-85e8-493d-b029-1864950d210f",
|
|
"ipv4-addr--596f595c-85e8-493d-b029-1864950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f595c-85e8-493d-b029-1864950d210f",
|
|
"dst_ref": "ipv4-addr--596f595c-85e8-493d-b029-1864950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f595c-85e8-493d-b029-1864950d210f",
|
|
"value": "178.159.252.126"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595c-24a0-4abd-9083-447e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://atsxpress.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595d-349c-491d-bdc7-1ab5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'atsxpress.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f595d-9be4-4c27-b5e5-4821950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f595d-9be4-4c27-b5e5-4821950d210f",
|
|
"ipv4-addr--596f595d-9be4-4c27-b5e5-4821950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f595d-9be4-4c27-b5e5-4821950d210f",
|
|
"dst_ref": "ipv4-addr--596f595d-9be4-4c27-b5e5-4821950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f595d-9be4-4c27-b5e5-4821950d210f",
|
|
"value": "23.252.3.51"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595d-6b0c-4497-8139-1859950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://cabbonentertainments.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595d-75ac-4540-8ff9-4556950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'cabbonentertainments.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f595e-1bc0-4bd8-a52a-472d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f595e-1bc0-4bd8-a52a-472d950d210f",
|
|
"ipv4-addr--596f595e-1bc0-4bd8-a52a-472d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f595e-1bc0-4bd8-a52a-472d950d210f",
|
|
"dst_ref": "ipv4-addr--596f595e-1bc0-4bd8-a52a-472d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f595e-1bc0-4bd8-a52a-472d950d210f",
|
|
"value": "208.91.198.102"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595e-7828-44d4-a1e3-461c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://cupcakery.in/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595e-166c-4a87-b7a7-4ef7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'cupcakery.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f595e-ebb8-4e8b-9604-4516950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f595e-ebb8-4e8b-9604-4516950d210f",
|
|
"ipv4-addr--596f595e-ebb8-4e8b-9604-4516950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f595e-ebb8-4e8b-9604-4516950d210f",
|
|
"dst_ref": "ipv4-addr--596f595e-ebb8-4e8b-9604-4516950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f595e-ebb8-4e8b-9604-4516950d210f",
|
|
"value": "103.195.185.222"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595f-63ac-41a6-8551-4ec8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://dabar.name/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595f-3c14-48d1-8935-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'dabar.name']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f595f-1ee8-48bc-8a13-4acf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f595f-1ee8-48bc-8a13-4acf950d210f",
|
|
"ipv4-addr--596f595f-1ee8-48bc-8a13-4acf950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f595f-1ee8-48bc-8a13-4acf950d210f",
|
|
"dst_ref": "ipv4-addr--596f595f-1ee8-48bc-8a13-4acf950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f595f-1ee8-48bc-8a13-4acf950d210f",
|
|
"value": "217.73.227.85"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595f-5ce0-47a4-abe1-45fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://descuentosperu.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f595f-74d0-47f0-b044-47ec950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'descuentosperu.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5960-5c48-4639-bc5d-44af950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5960-5c48-4639-bc5d-44af950d210f",
|
|
"ipv4-addr--596f5960-5c48-4639-bc5d-44af950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5960-5c48-4639-bc5d-44af950d210f",
|
|
"dst_ref": "ipv4-addr--596f5960-5c48-4639-bc5d-44af950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5960-5c48-4639-bc5d-44af950d210f",
|
|
"value": "192.232.249.178"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5960-6ae4-4f2d-84b0-43d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://dessde.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5960-5a40-404e-85b7-1ab5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'dessde.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5960-2c88-40a8-b84c-48e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5960-2c88-40a8-b84c-48e3950d210f",
|
|
"ipv4-addr--596f5960-2c88-40a8-b84c-48e3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5960-2c88-40a8-b84c-48e3950d210f",
|
|
"dst_ref": "ipv4-addr--596f5960-2c88-40a8-b84c-48e3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5960-2c88-40a8-b84c-48e3950d210f",
|
|
"value": "66.147.244.152"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5961-f850-41ef-8171-1859950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://editorialmasterlibros.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5961-6cb4-413f-b7f4-49d4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'editorialmasterlibros.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5961-cda0-4f62-9340-4f91950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5961-cda0-4f62-9340-4f91950d210f",
|
|
"ipv4-addr--596f5961-cda0-4f62-9340-4f91950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5961-cda0-4f62-9340-4f91950d210f",
|
|
"dst_ref": "ipv4-addr--596f5961-cda0-4f62-9340-4f91950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5961-cda0-4f62-9340-4f91950d210f",
|
|
"value": "107.154.155.2"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5961-64b8-4c73-ab2c-4584950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5961-64b8-4c73-ab2c-4584950d210f",
|
|
"ipv4-addr--596f5961-64b8-4c73-ab2c-4584950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5961-64b8-4c73-ab2c-4584950d210f",
|
|
"dst_ref": "ipv4-addr--596f5961-64b8-4c73-ab2c-4584950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5961-64b8-4c73-ab2c-4584950d210f",
|
|
"value": "192.185.21.150"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5962-6b28-4ac6-89f3-4368950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://e-snhv.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5962-0a6c-4216-bba3-4853950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'e-snhv.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5963-47b0-4b55-a119-495c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5963-47b0-4b55-a119-495c950d210f",
|
|
"ipv4-addr--596f5963-47b0-4b55-a119-495c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5963-47b0-4b55-a119-495c950d210f",
|
|
"dst_ref": "ipv4-addr--596f5963-47b0-4b55-a119-495c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5963-47b0-4b55-a119-495c950d210f",
|
|
"value": "61.106.62.37"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5963-5a3c-4baa-a563-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://faltico.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5963-af3c-4b39-924b-435c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'faltico.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5964-3cb8-4781-a270-4eec950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5964-3cb8-4781-a270-4eec950d210f",
|
|
"ipv4-addr--596f5964-3cb8-4781-a270-4eec950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5964-3cb8-4781-a270-4eec950d210f",
|
|
"dst_ref": "ipv4-addr--596f5964-3cb8-4781-a270-4eec950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5964-3cb8-4781-a270-4eec950d210f",
|
|
"value": "173.254.28.100"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5964-2760-4661-a3ec-19ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://fibrotek.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5964-b6e0-40e6-a2ab-4f4e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'fibrotek.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5964-cf84-462d-9f0e-4686950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5964-cf84-462d-9f0e-4686950d210f",
|
|
"ipv4-addr--596f5964-cf84-462d-9f0e-4686950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5964-cf84-462d-9f0e-4686950d210f",
|
|
"dst_ref": "ipv4-addr--596f5964-cf84-462d-9f0e-4686950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5964-cf84-462d-9f0e-4686950d210f",
|
|
"value": "192.252.132.160"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5964-9ff4-4379-9d8b-4183950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://fondazioneprogenies.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5964-b7cc-40f5-9713-1ab5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'fondazioneprogenies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5966-31a8-45b6-8ebd-4b6d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5966-31a8-45b6-8ebd-4b6d950d210f",
|
|
"ipv4-addr--596f5966-31a8-45b6-8ebd-4b6d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5966-31a8-45b6-8ebd-4b6d950d210f",
|
|
"dst_ref": "ipv4-addr--596f5966-31a8-45b6-8ebd-4b6d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5966-31a8-45b6-8ebd-4b6d950d210f",
|
|
"value": "151.1.182.10"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5966-32c8-4110-a18e-1859950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://gbaudiovisual.co.uk/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5966-5550-4a73-89a6-44e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'gbaudiovisual.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5967-d0ac-4c4b-a200-458c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5967-d0ac-4c4b-a200-458c950d210f",
|
|
"ipv4-addr--596f5967-d0ac-4c4b-a200-458c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5967-d0ac-4c4b-a200-458c950d210f",
|
|
"dst_ref": "ipv4-addr--596f5967-d0ac-4c4b-a200-458c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5967-d0ac-4c4b-a200-458c950d210f",
|
|
"value": "66.147.244.77"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5967-706c-4539-a3cb-43eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://in-city.info/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5967-4fb0-4068-9d62-4006950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'in-city.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5967-a298-4c46-bb52-4723950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5967-a298-4c46-bb52-4723950d210f",
|
|
"ipv4-addr--596f5967-a298-4c46-bb52-4723950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5967-a298-4c46-bb52-4723950d210f",
|
|
"dst_ref": "ipv4-addr--596f5967-a298-4c46-bb52-4723950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5967-a298-4c46-bb52-4723950d210f",
|
|
"value": "111.118.215.254"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5967-089c-4a6d-9208-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://kms2017.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5968-ff38-48af-9b74-4286950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'kms2017.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5968-291c-468a-b300-1a21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5968-291c-468a-b300-1a21950d210f",
|
|
"ipv4-addr--596f5968-291c-468a-b300-1a21950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5968-291c-468a-b300-1a21950d210f",
|
|
"dst_ref": "ipv4-addr--596f5968-291c-468a-b300-1a21950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5968-291c-468a-b300-1a21950d210f",
|
|
"value": "41.185.8.215"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5969-3f80-41a7-8272-4dd5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://luxurious-ss.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5969-4990-48bc-aaff-19ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'luxurious-ss.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5969-96d8-43a4-8c1b-4e34950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5969-96d8-43a4-8c1b-4e34950d210f",
|
|
"ipv4-addr--596f5969-96d8-43a4-8c1b-4e34950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5969-96d8-43a4-8c1b-4e34950d210f",
|
|
"dst_ref": "ipv4-addr--596f5969-96d8-43a4-8c1b-4e34950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5969-96d8-43a4-8c1b-4e34950d210f",
|
|
"value": "107.180.4.132"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5969-f580-4154-b53e-434a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://mahovik-bg.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5969-7684-45ea-b543-47ab950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'mahovik-bg.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f596a-96dc-4338-8e9e-1ab5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f596a-96dc-4338-8e9e-1ab5950d210f",
|
|
"ipv4-addr--596f596a-96dc-4338-8e9e-1ab5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f596a-96dc-4338-8e9e-1ab5950d210f",
|
|
"dst_ref": "ipv4-addr--596f596a-96dc-4338-8e9e-1ab5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f596a-96dc-4338-8e9e-1ab5950d210f",
|
|
"value": "92.43.113.68"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596a-52dc-4e35-9e84-49a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://nasusystems.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596a-61d4-497d-af65-1859950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'nasusystems.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f596b-4ae4-403d-a4d0-4b5d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f596b-4ae4-403d-a4d0-4b5d950d210f",
|
|
"ipv4-addr--596f596b-4ae4-403d-a4d0-4b5d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f596b-4ae4-403d-a4d0-4b5d950d210f",
|
|
"dst_ref": "ipv4-addr--596f596b-4ae4-403d-a4d0-4b5d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f596b-4ae4-403d-a4d0-4b5d950d210f",
|
|
"value": "162.251.80.12"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596c-a400-4a21-a2ee-4a40950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://newlifetabernacle.org.uk/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596c-4888-47f8-8c81-482d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'newlifetabernacle.org.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f596c-63c4-4e9c-bf95-419e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f596c-63c4-4e9c-bf95-419e950d210f",
|
|
"ipv4-addr--596f596c-63c4-4e9c-bf95-419e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f596c-63c4-4e9c-bf95-419e950d210f",
|
|
"dst_ref": "ipv4-addr--596f596c-63c4-4e9c-bf95-419e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f596c-63c4-4e9c-bf95-419e950d210f",
|
|
"value": "109.75.170.170"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596c-3f30-4d54-a22d-4827950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://orinta.de/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596c-46c8-47d5-8187-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'orinta.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f596c-c830-4ca4-80d8-4464950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f596c-c830-4ca4-80d8-4464950d210f",
|
|
"ipv4-addr--596f596c-c830-4ca4-80d8-4464950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f596c-c830-4ca4-80d8-4464950d210f",
|
|
"dst_ref": "ipv4-addr--596f596c-c830-4ca4-80d8-4464950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f596c-c830-4ca4-80d8-4464950d210f",
|
|
"value": "81.169.145.77"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596d-c9a8-4b82-b8f9-1a21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://pankaj.pro/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596d-484c-4ff0-8649-488f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'pankaj.pro']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f596d-ea68-448a-9bc7-19ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f596d-ea68-448a-9bc7-19ef950d210f",
|
|
"ipv4-addr--596f596d-ea68-448a-9bc7-19ef950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f596d-ea68-448a-9bc7-19ef950d210f",
|
|
"dst_ref": "ipv4-addr--596f596d-ea68-448a-9bc7-19ef950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f596d-ea68-448a-9bc7-19ef950d210f",
|
|
"value": "199.79.63.142"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596d-eb1c-4e1b-9979-41ba950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://pearlgonzalez.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596d-01c0-46b4-9ad1-4d40950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'pearlgonzalez.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f596e-fa2c-4003-ab66-44b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f596e-fa2c-4003-ab66-44b7950d210f",
|
|
"ipv4-addr--596f596e-fa2c-4003-ab66-44b7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f596e-fa2c-4003-ab66-44b7950d210f",
|
|
"dst_ref": "ipv4-addr--596f596e-fa2c-4003-ab66-44b7950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f596e-fa2c-4003-ab66-44b7950d210f",
|
|
"value": "166.63.11.180"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596e-99e4-4232-b19c-1ab5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://pta-babel.net/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596e-ca2c-4fd9-a99e-4679950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'pta-babel.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f596f-4814-4764-9550-1859950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f596f-4814-4764-9550-1859950d210f",
|
|
"ipv4-addr--596f596f-4814-4764-9550-1859950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f596f-4814-4764-9550-1859950d210f",
|
|
"dst_ref": "ipv4-addr--596f596f-4814-4764-9550-1859950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f596f-4814-4764-9550-1859950d210f",
|
|
"value": "103.247.9.134"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596f-cb50-4198-ab06-4699950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://spaceonline.in/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f596f-0a08-4d60-82d6-453b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'spaceonline.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5970-d804-41c1-8be9-42ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5970-d804-41c1-8be9-42ea950d210f",
|
|
"ipv4-addr--596f5970-d804-41c1-8be9-42ea950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5970-d804-41c1-8be9-42ea950d210f",
|
|
"dst_ref": "ipv4-addr--596f5970-d804-41c1-8be9-42ea950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5970-d804-41c1-8be9-42ea950d210f",
|
|
"value": "111.118.212.86"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5970-4e1c-4493-ac0a-41d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://studio80.biz/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5970-e8bc-49da-becc-4875950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'studio80.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5970-c6a8-47ac-b332-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5970-c6a8-47ac-b332-178c950d210f",
|
|
"ipv4-addr--596f5970-c6a8-47ac-b332-178c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5970-c6a8-47ac-b332-178c950d210f",
|
|
"dst_ref": "ipv4-addr--596f5970-c6a8-47ac-b332-178c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5970-c6a8-47ac-b332-178c950d210f",
|
|
"value": "81.169.145.160"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5971-10f4-4f94-af5a-4a72950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://sunnydaypublishing.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5971-7314-44e1-a767-1a21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'sunnydaypublishing.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5971-a4ac-41b9-84c4-417c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5971-a4ac-41b9-84c4-417c950d210f",
|
|
"ipv4-addr--596f5971-a4ac-41b9-84c4-417c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5971-a4ac-41b9-84c4-417c950d210f",
|
|
"dst_ref": "ipv4-addr--596f5971-a4ac-41b9-84c4-417c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5971-a4ac-41b9-84c4-417c950d210f",
|
|
"value": "192.185.52.210"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5971-42f0-49da-ab6c-19ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://sxmht.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5971-64a0-44b9-95a7-4048950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'sxmht.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5974-05c8-46bd-9014-4d6a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5974-05c8-46bd-9014-4d6a950d210f",
|
|
"ipv4-addr--596f5974-05c8-46bd-9014-4d6a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5974-05c8-46bd-9014-4d6a950d210f",
|
|
"dst_ref": "ipv4-addr--596f5974-05c8-46bd-9014-4d6a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5974-05c8-46bd-9014-4d6a950d210f",
|
|
"value": "1.82.161.53"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5974-fea8-469d-8f97-4641950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://taobba.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5974-3f34-4c9c-bbef-1ab5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'taobba.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5976-c8d8-403d-b7f2-4a1f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5976-c8d8-403d-b7f2-4a1f950d210f",
|
|
"ipv4-addr--596f5976-c8d8-403d-b7f2-4a1f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5976-c8d8-403d-b7f2-4a1f950d210f",
|
|
"dst_ref": "ipv4-addr--596f5976-c8d8-403d-b7f2-4a1f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5976-c8d8-403d-b7f2-4a1f950d210f",
|
|
"value": "211.159.182.101"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5976-316c-42cc-bd53-48f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://tax-accounting.net/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5976-5664-42c0-8fdb-1859950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'tax-accounting.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5977-ed44-4271-b987-453e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5977-ed44-4271-b987-453e950d210f",
|
|
"ipv4-addr--596f5977-ed44-4271-b987-453e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5977-ed44-4271-b987-453e950d210f",
|
|
"dst_ref": "ipv4-addr--596f5977-ed44-4271-b987-453e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5977-ed44-4271-b987-453e950d210f",
|
|
"value": "147.185.115.8"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5977-4794-43cd-bdd6-4d02950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://tayangfood.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5977-33f4-4a98-ae71-4d77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'tayangfood.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5977-cf04-4a91-b095-491b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5977-cf04-4a91-b095-491b950d210f",
|
|
"ipv4-addr--596f5977-cf04-4a91-b095-491b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5977-cf04-4a91-b095-491b950d210f",
|
|
"dst_ref": "ipv4-addr--596f5977-cf04-4a91-b095-491b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5977-cf04-4a91-b095-491b950d210f",
|
|
"value": "103.7.226.18"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5978-0c14-4c17-b6ed-4323950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://teoxan.ru/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5978-5504-4237-9701-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'teoxan.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5978-d1bc-4992-a0b3-4ec8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5978-d1bc-4992-a0b3-4ec8950d210f",
|
|
"ipv4-addr--596f5978-d1bc-4992-a0b3-4ec8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5978-d1bc-4992-a0b3-4ec8950d210f",
|
|
"dst_ref": "ipv4-addr--596f5978-d1bc-4992-a0b3-4ec8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5978-d1bc-4992-a0b3-4ec8950d210f",
|
|
"value": "37.143.9.146"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5978-ac20-42cf-8815-1a21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://test.atlon-mebel.ru/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5978-7a8c-4f79-b36b-4092950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'test.atlon-mebel.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5979-60c8-4734-bba1-4a02950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://thegardiners.ca/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5979-f7bc-4756-8d9f-4161950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'thegardiners.ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f5979-dc74-4550-bffb-407a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f5979-dc74-4550-bffb-407a950d210f",
|
|
"ipv4-addr--596f5979-dc74-4550-bffb-407a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f5979-dc74-4550-bffb-407a950d210f",
|
|
"dst_ref": "ipv4-addr--596f5979-dc74-4550-bffb-407a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f5979-dc74-4550-bffb-407a950d210f",
|
|
"value": "69.90.160.230"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5979-18b4-49d8-a955-42c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://urban-dna.pt/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5979-2b00-40e3-a588-1ab5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'urban-dna.pt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597a-1b80-415d-b14b-4ed2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597a-1b80-415d-b14b-4ed2950d210f",
|
|
"ipv4-addr--596f597a-1b80-415d-b14b-4ed2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597a-1b80-415d-b14b-4ed2950d210f",
|
|
"dst_ref": "ipv4-addr--596f597a-1b80-415d-b14b-4ed2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597a-1b80-415d-b14b-4ed2950d210f",
|
|
"value": "173.237.190.72"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f597a-f9d0-4b26-9482-1859950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://westsussexcentre.org.uk/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f597a-6fec-484b-9b8a-44be950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'westsussexcentre.org.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597b-c818-4075-a445-42d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597b-c818-4075-a445-42d6950d210f",
|
|
"ipv4-addr--596f597b-c818-4075-a445-42d6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597b-c818-4075-a445-42d6950d210f",
|
|
"dst_ref": "ipv4-addr--596f597b-c818-4075-a445-42d6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597b-c818-4075-a445-42d6950d210f",
|
|
"value": "92.48.97.5"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f597b-c410-4ed8-8509-4293950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[url:value = 'http://wizbam.com/83b7bf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f597b-1374-4e3f-94df-4fe0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"pattern": "[domain-name:value = 'wizbam.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597b-bae4-4892-bce0-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597b-bae4-4892-bce0-178c950d210f",
|
|
"ipv4-addr--596f597b-bae4-4892-bce0-178c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597b-bae4-4892-bce0-178c950d210f",
|
|
"dst_ref": "ipv4-addr--596f597b-bae4-4892-bce0-178c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597b-bae4-4892-bce0-178c950d210f",
|
|
"value": "107.180.48.250"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597b-0b44-4056-b97e-4bff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597b-0b44-4056-b97e-4bff950d210f",
|
|
"ipv4-addr--596f597b-0b44-4056-b97e-4bff950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597b-0b44-4056-b97e-4bff950d210f",
|
|
"dst_ref": "ipv4-addr--596f597b-0b44-4056-b97e-4bff950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597b-0b44-4056-b97e-4bff950d210f",
|
|
"value": "194.87.95.60"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597b-1028-40b1-aec7-1a21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597b-1028-40b1-aec7-1a21950d210f",
|
|
"ipv4-addr--596f597b-1028-40b1-aec7-1a21950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597b-1028-40b1-aec7-1a21950d210f",
|
|
"dst_ref": "ipv4-addr--596f597b-1028-40b1-aec7-1a21950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597b-1028-40b1-aec7-1a21950d210f",
|
|
"value": "190.228.169.106"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597c-a210-458a-aa84-402b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597c-a210-458a-aa84-402b950d210f",
|
|
"ipv4-addr--596f597c-a210-458a-aa84-402b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597c-a210-458a-aa84-402b950d210f",
|
|
"dst_ref": "ipv4-addr--596f597c-a210-458a-aa84-402b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597c-a210-458a-aa84-402b950d210f",
|
|
"value": "94.42.91.27"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597c-c630-4ca8-84bf-19ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597c-c630-4ca8-84bf-19ef950d210f",
|
|
"ipv4-addr--596f597c-c630-4ca8-84bf-19ef950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597c-c630-4ca8-84bf-19ef950d210f",
|
|
"dst_ref": "ipv4-addr--596f597c-c630-4ca8-84bf-19ef950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597c-c630-4ca8-84bf-19ef950d210f",
|
|
"value": "118.91.178.114"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597c-a794-4075-a768-4658950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597c-a794-4075-a768-4658950d210f",
|
|
"ipv4-addr--596f597c-a794-4075-a768-4658950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597c-a794-4075-a768-4658950d210f",
|
|
"dst_ref": "ipv4-addr--596f597c-a794-4075-a768-4658950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597c-a794-4075-a768-4658950d210f",
|
|
"value": "186.103.161.204"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597c-27e0-4e79-8853-4668950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597c-27e0-4e79-8853-4668950d210f",
|
|
"ipv4-addr--596f597c-27e0-4e79-8853-4668950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597c-27e0-4e79-8853-4668950d210f",
|
|
"dst_ref": "ipv4-addr--596f597c-27e0-4e79-8853-4668950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597c-27e0-4e79-8853-4668950d210f",
|
|
"value": "163.53.206.187"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597d-1930-44a9-a767-4a31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597d-1930-44a9-a767-4a31950d210f",
|
|
"ipv4-addr--596f597d-1930-44a9-a767-4a31950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597d-1930-44a9-a767-4a31950d210f",
|
|
"dst_ref": "ipv4-addr--596f597d-1930-44a9-a767-4a31950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597d-1930-44a9-a767-4a31950d210f",
|
|
"value": "46.160.165.16"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597d-b3a4-47b6-a332-49f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597d-b3a4-47b6-a332-49f6950d210f",
|
|
"ipv4-addr--596f597d-b3a4-47b6-a332-49f6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597d-b3a4-47b6-a332-49f6950d210f",
|
|
"dst_ref": "ipv4-addr--596f597d-b3a4-47b6-a332-49f6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597d-b3a4-47b6-a332-49f6950d210f",
|
|
"value": "191.7.30.30"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597d-ff7c-48ad-8829-1ab5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597d-ff7c-48ad-8829-1ab5950d210f",
|
|
"ipv4-addr--596f597d-ff7c-48ad-8829-1ab5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597d-ff7c-48ad-8829-1ab5950d210f",
|
|
"dst_ref": "ipv4-addr--596f597d-ff7c-48ad-8829-1ab5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597d-ff7c-48ad-8829-1ab5950d210f",
|
|
"value": "46.160.165.31"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597d-6b74-405f-9ca3-4931950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597d-6b74-405f-9ca3-4931950d210f",
|
|
"ipv4-addr--596f597d-6b74-405f-9ca3-4931950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597d-6b74-405f-9ca3-4931950d210f",
|
|
"dst_ref": "ipv4-addr--596f597d-6b74-405f-9ca3-4931950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597d-6b74-405f-9ca3-4931950d210f",
|
|
"value": "197.248.210.150"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597e-7080-4cdf-9aee-4387950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597e-7080-4cdf-9aee-4387950d210f",
|
|
"ipv4-addr--596f597e-7080-4cdf-9aee-4387950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597e-7080-4cdf-9aee-4387950d210f",
|
|
"dst_ref": "ipv4-addr--596f597e-7080-4cdf-9aee-4387950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597e-7080-4cdf-9aee-4387950d210f",
|
|
"value": "195.133.201.149"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597e-8ef0-43ef-a592-1859950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597e-8ef0-43ef-a592-1859950d210f",
|
|
"ipv4-addr--596f597e-8ef0-43ef-a592-1859950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597e-8ef0-43ef-a592-1859950d210f",
|
|
"dst_ref": "ipv4-addr--596f597e-8ef0-43ef-a592-1859950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597e-8ef0-43ef-a592-1859950d210f",
|
|
"value": "94.140.121.250"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597e-ca90-4f9a-9c09-4a37950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597e-ca90-4f9a-9c09-4a37950d210f",
|
|
"ipv4-addr--596f597e-ca90-4f9a-9c09-4a37950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597e-ca90-4f9a-9c09-4a37950d210f",
|
|
"dst_ref": "ipv4-addr--596f597e-ca90-4f9a-9c09-4a37950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597e-ca90-4f9a-9c09-4a37950d210f",
|
|
"value": "83.234.136.55"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597e-187c-4910-a4e9-4372950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597e-187c-4910-a4e9-4372950d210f",
|
|
"ipv4-addr--596f597e-187c-4910-a4e9-4372950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597e-187c-4910-a4e9-4372950d210f",
|
|
"dst_ref": "ipv4-addr--596f597e-187c-4910-a4e9-4372950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597e-187c-4910-a4e9-4372950d210f",
|
|
"value": "93.99.68.140"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597f-7308-442a-8491-44fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597f-7308-442a-8491-44fe950d210f",
|
|
"ipv4-addr--596f597f-7308-442a-8491-44fe950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597f-7308-442a-8491-44fe950d210f",
|
|
"dst_ref": "ipv4-addr--596f597f-7308-442a-8491-44fe950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597f-7308-442a-8491-44fe950d210f",
|
|
"value": "118.91.178.145"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597f-e590-4a9d-b7ef-4a75950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597f-e590-4a9d-b7ef-4a75950d210f",
|
|
"ipv4-addr--596f597f-e590-4a9d-b7ef-4a75950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597f-e590-4a9d-b7ef-4a75950d210f",
|
|
"dst_ref": "ipv4-addr--596f597f-e590-4a9d-b7ef-4a75950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597f-e590-4a9d-b7ef-4a75950d210f",
|
|
"value": "168.194.82.174"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--596f597f-0a60-475c-a891-178c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:42.000Z",
|
|
"modified": "2017-07-19T13:20:42.000Z",
|
|
"first_observed": "2017-07-19T13:20:42Z",
|
|
"last_observed": "2017-07-19T13:20:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--596f597f-0a60-475c-a891-178c950d210f",
|
|
"ipv4-addr--596f597f-0a60-475c-a891-178c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--596f597f-0a60-475c-a891-178c950d210f",
|
|
"dst_ref": "ipv4-addr--596f597f-0a60-475c-a891-178c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--596f597f-0a60-475c-a891-178c950d210f",
|
|
"value": "190.34.158.250"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--596f5cac-8374-4e01-bb15-186302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-07-19T13:20:44.000Z",
|
|
"modified": "2017-07-19T13:20:44.000Z",
|
|
"description": "- Xchecked via VT: f9650f8f6d8953dbfef206a4783cdd56",
|
|
"pattern": "[file:hashes.SHA256 = 'bbf078b84fe939f8b3a3d297c72b9240749bcd59fb0a31e6098e822f1a83fd60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-07-19T13:20:44Z",
|
|
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596f5cac-9c14-4d0d-ba3a-186302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-19T13:20:44.000Z",
"modified": "2017-07-19T13:20:44.000Z",
"description": "- Xchecked via VT: f9650f8f6d8953dbfef206a4783cdd56",
"pattern": "[file:hashes.SHA1 = '5b7459a63b58c8ff2f24f67bd87df793d2774884']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-19T13:20:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--596f5cac-7ff8-4593-9c66-186302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-19T13:20:44.000Z",
"modified": "2017-07-19T13:20:44.000Z",
"first_observed": "2017-07-19T13:20:44Z",
"last_observed": "2017-07-19T13:20:44Z",
"number_observed": 1,
"object_refs": [
"url--596f5cac-7ff8-4593-9c66-186302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--596f5cac-7ff8-4593-9c66-186302de0b81",
"value": "https://www.virustotal.com/file/bbf078b84fe939f8b3a3d297c72b9240749bcd59fb0a31e6098e822f1a83fd60/analysis/1500469176/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596f5cac-d6d8-48ac-bcfd-186302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-19T13:20:44.000Z",
"modified": "2017-07-19T13:20:44.000Z",
"description": "- Xchecked via VT: 89eae47c0fe12a7409dc42304dbb737f",
"pattern": "[file:hashes.SHA256 = 'a11fd973ea8bfd69772c26fde686f6529e671058799301f2aea3915b1a928f51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-19T13:20:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596f5cac-b6d4-4bbd-8796-186302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-19T13:20:44.000Z",
"modified": "2017-07-19T13:20:44.000Z",
"description": "- Xchecked via VT: 89eae47c0fe12a7409dc42304dbb737f",
"pattern": "[file:hashes.SHA1 = 'c8a1a89dc47905d1945beaba31a1b8256060d83b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-19T13:20:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--596f5cac-a2a4-4ffa-b041-186302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-19T13:20:44.000Z",
"modified": "2017-07-19T13:20:44.000Z",
"first_observed": "2017-07-19T13:20:44Z",
"last_observed": "2017-07-19T13:20:44Z",
"number_observed": 1,
"object_refs": [
"url--596f5cac-a2a4-4ffa-b041-186302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--596f5cac-a2a4-4ffa-b041-186302de0b81",
"value": "https://www.virustotal.com/file/a11fd973ea8bfd69772c26fde686f6529e671058799301f2aea3915b1a928f51/analysis/1500466841/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
} |