4366 lines
No EOL
174 KiB
JSON
4366 lines
No EOL
174 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--59cd3b91-95a4-4efd-9334-4c5b950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:44:18.000Z",
|
|
"modified": "2017-09-29T12:44:18.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--59cd3b91-95a4-4efd-9334-4c5b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:44:18.000Z",
|
|
"modified": "2017-09-29T12:44:18.000Z",
|
|
"name": "M2M - Locky / Trickbot: \"Emailing: Scan0xxx\" from \"Sales\"",
|
|
"published": "2017-09-29T12:45:04Z",
|
|
"object_refs": [
|
|
"indicator--59cd3b92-bb70-4a40-af6d-723f950d210f",
|
|
"indicator--59cd3b92-8e98-4293-84c4-7255950d210f",
|
|
"indicator--59cd3b93-0a1c-43d6-a4f0-427f950d210f",
|
|
"indicator--59cd3b93-8f5c-47d3-93de-d001950d210f",
|
|
"observed-data--59cd3b93-405c-491f-8b97-1fad950d210f",
|
|
"network-traffic--59cd3b93-405c-491f-8b97-1fad950d210f",
|
|
"ipv4-addr--59cd3b93-405c-491f-8b97-1fad950d210f",
|
|
"indicator--59cd3b94-d360-45db-be55-46c1950d210f",
|
|
"indicator--59cd3b94-cfe0-4d54-8d85-4b1d950d210f",
|
|
"observed-data--59cd3b94-8948-4541-98ab-4963950d210f",
|
|
"network-traffic--59cd3b94-8948-4541-98ab-4963950d210f",
|
|
"ipv4-addr--59cd3b94-8948-4541-98ab-4963950d210f",
|
|
"indicator--59cd3b95-2338-47d5-991c-cdbd950d210f",
|
|
"indicator--59cd3b95-6f1c-41ad-9a42-7255950d210f",
|
|
"indicator--59cd3b96-9184-4a87-8862-1e0c950d210f",
|
|
"indicator--59cd3b96-fafc-4625-89e3-1b8e950d210f",
|
|
"indicator--59cd3b97-59c8-4ad2-9a5b-4bf1950d210f",
|
|
"indicator--59cd3b97-2d00-42f3-8616-4397950d210f",
|
|
"observed-data--59cd3b97-8c64-4381-b7b1-41eb950d210f",
|
|
"network-traffic--59cd3b97-8c64-4381-b7b1-41eb950d210f",
|
|
"ipv4-addr--59cd3b97-8c64-4381-b7b1-41eb950d210f",
|
|
"indicator--59cd3b98-3fb4-48b5-941b-723f950d210f",
|
|
"indicator--59cd3b98-d8b8-4b9f-85fa-cdbd950d210f",
|
|
"observed-data--59cd3b98-e690-4938-935b-7255950d210f",
|
|
"network-traffic--59cd3b98-e690-4938-935b-7255950d210f",
|
|
"ipv4-addr--59cd3b98-e690-4938-935b-7255950d210f",
|
|
"indicator--59cd3b99-a79c-4658-b709-d001950d210f",
|
|
"indicator--59cd3b99-c534-430a-813d-1e0c950d210f",
|
|
"observed-data--59cd3b9a-23fc-464c-bd43-1b8e950d210f",
|
|
"network-traffic--59cd3b9a-23fc-464c-bd43-1b8e950d210f",
|
|
"ipv4-addr--59cd3b9a-23fc-464c-bd43-1b8e950d210f",
|
|
"indicator--59cd3b9b-bd88-4d5f-973b-4485950d210f",
|
|
"indicator--59cd3b9b-9f0c-4d56-82e0-4294950d210f",
|
|
"observed-data--59cd3b9b-3470-4bfd-bef8-4410950d210f",
|
|
"network-traffic--59cd3b9b-3470-4bfd-bef8-4410950d210f",
|
|
"ipv4-addr--59cd3b9b-3470-4bfd-bef8-4410950d210f",
|
|
"indicator--59cd3b9c-b288-49f1-ada8-723f950d210f",
|
|
"indicator--59cd3b9c-b56c-4846-b5f9-cdbd950d210f",
|
|
"observed-data--59cd3b9c-9240-4cf3-b165-4957950d210f",
|
|
"network-traffic--59cd3b9c-9240-4cf3-b165-4957950d210f",
|
|
"ipv4-addr--59cd3b9c-9240-4cf3-b165-4957950d210f",
|
|
"indicator--59cd3b9d-1360-4b50-8996-1b8e950d210f",
|
|
"indicator--59cd3b9d-dbf8-4307-83fa-48a4950d210f",
|
|
"observed-data--59cd3b9d-cd44-4c8d-b71d-40d6950d210f",
|
|
"network-traffic--59cd3b9d-cd44-4c8d-b71d-40d6950d210f",
|
|
"ipv4-addr--59cd3b9d-cd44-4c8d-b71d-40d6950d210f",
|
|
"indicator--59cd3b9e-a13c-4fff-a657-49a2950d210f",
|
|
"indicator--59cd3b9e-b9e4-489e-af9e-723f950d210f",
|
|
"observed-data--59cd3b9f-9810-44be-9950-41a3950d210f",
|
|
"network-traffic--59cd3b9f-9810-44be-9950-41a3950d210f",
|
|
"ipv4-addr--59cd3b9f-9810-44be-9950-41a3950d210f",
|
|
"indicator--59cd3b9f-da90-41ff-9a2a-1b8e950d210f",
|
|
"indicator--59cd3b9f-f35c-4ffe-9231-1fad950d210f",
|
|
"observed-data--59cd3ba0-0a34-4529-9bfc-43ac950d210f",
|
|
"network-traffic--59cd3ba0-0a34-4529-9bfc-43ac950d210f",
|
|
"ipv4-addr--59cd3ba0-0a34-4529-9bfc-43ac950d210f",
|
|
"indicator--59cd3ba0-50d8-4f4f-b074-4f00950d210f",
|
|
"indicator--59cd3ba0-c534-4df9-ba25-723f950d210f",
|
|
"observed-data--59cd3ba1-b9d8-4351-9965-7255950d210f",
|
|
"network-traffic--59cd3ba1-b9d8-4351-9965-7255950d210f",
|
|
"ipv4-addr--59cd3ba1-b9d8-4351-9965-7255950d210f",
|
|
"indicator--59cd3ba2-e3f0-465f-9c23-1fad950d210f",
|
|
"indicator--59cd3ba2-db40-4a9a-8416-4c7d950d210f",
|
|
"observed-data--59cd3ba2-b928-4344-aef0-4589950d210f",
|
|
"network-traffic--59cd3ba2-b928-4344-aef0-4589950d210f",
|
|
"ipv4-addr--59cd3ba2-b928-4344-aef0-4589950d210f",
|
|
"indicator--59cd3ba3-2198-48e4-95b4-723f950d210f",
|
|
"indicator--59cd3ba3-3758-4b71-9b2a-4026950d210f",
|
|
"observed-data--59cd3ba3-f394-4b12-8bbc-406d950d210f",
|
|
"network-traffic--59cd3ba3-f394-4b12-8bbc-406d950d210f",
|
|
"ipv4-addr--59cd3ba3-f394-4b12-8bbc-406d950d210f",
|
|
"indicator--59cd3ba4-1dcc-4174-8d9a-4fef950d210f",
|
|
"indicator--59cd3ba4-55e4-406d-ab26-4f61950d210f",
|
|
"observed-data--59cd3ba4-dda4-4e63-b667-4b16950d210f",
|
|
"network-traffic--59cd3ba4-dda4-4e63-b667-4b16950d210f",
|
|
"ipv4-addr--59cd3ba4-dda4-4e63-b667-4b16950d210f",
|
|
"indicator--59cd3ba5-bed4-43d3-9b0c-720b950d210f",
|
|
"indicator--59cd3ba5-559c-4c88-8689-723f950d210f",
|
|
"observed-data--59cd3ba5-2840-41b8-94bd-4873950d210f",
|
|
"network-traffic--59cd3ba5-2840-41b8-94bd-4873950d210f",
|
|
"ipv4-addr--59cd3ba5-2840-41b8-94bd-4873950d210f",
|
|
"indicator--59cd3ba6-c910-462c-a8da-1e0c950d210f",
|
|
"indicator--59cd3ba6-ad48-49d0-b6a4-1fad950d210f",
|
|
"indicator--59cd3bcd-b6a0-43c0-a628-413a950d210f",
|
|
"indicator--59cd3bcd-7424-4f97-a4d9-46e4950d210f",
|
|
"observed-data--59cd3bcd-48e0-4f67-ba89-42da950d210f",
|
|
"network-traffic--59cd3bcd-48e0-4f67-ba89-42da950d210f",
|
|
"ipv4-addr--59cd3bcd-48e0-4f67-ba89-42da950d210f",
|
|
"indicator--59cd3bce-5c40-4e7e-afd7-720b950d210f",
|
|
"indicator--59cd3bce-12d0-47f2-a2cf-cdbd950d210f",
|
|
"observed-data--59cd3bce-9718-47e8-8651-4ef8950d210f",
|
|
"network-traffic--59cd3bce-9718-47e8-8651-4ef8950d210f",
|
|
"ipv4-addr--59cd3bce-9718-47e8-8651-4ef8950d210f",
|
|
"indicator--59cd3bcf-14a4-40d1-b950-1fad950d210f",
|
|
"indicator--59cd3bcf-a07c-44de-8188-1b8e950d210f",
|
|
"observed-data--59cd3bd0-8dc4-4881-96bc-49bf950d210f",
|
|
"network-traffic--59cd3bd0-8dc4-4881-96bc-49bf950d210f",
|
|
"ipv4-addr--59cd3bd0-8dc4-4881-96bc-49bf950d210f",
|
|
"indicator--59cd3bd0-f248-4900-8238-403d950d210f",
|
|
"indicator--59cd3bd0-09b4-486e-9167-41e3950d210f",
|
|
"observed-data--59cd3bd1-2f94-40c9-b0a9-4810950d210f",
|
|
"network-traffic--59cd3bd1-2f94-40c9-b0a9-4810950d210f",
|
|
"ipv4-addr--59cd3bd1-2f94-40c9-b0a9-4810950d210f",
|
|
"indicator--59cd3bd1-1b58-4ce3-a311-4189950d210f",
|
|
"indicator--59cd3bd1-6ee4-4d76-beda-d001950d210f",
|
|
"observed-data--59cd3bd2-51d0-48cb-a223-1e0c950d210f",
|
|
"network-traffic--59cd3bd2-51d0-48cb-a223-1e0c950d210f",
|
|
"ipv4-addr--59cd3bd2-51d0-48cb-a223-1e0c950d210f",
|
|
"indicator--59cd3bd2-1928-4d4a-83ce-48c2950d210f",
|
|
"indicator--59cd3bd2-430c-48e5-9f97-43ed950d210f",
|
|
"observed-data--59cd3bd3-835c-4c17-882a-446d950d210f",
|
|
"network-traffic--59cd3bd3-835c-4c17-882a-446d950d210f",
|
|
"ipv4-addr--59cd3bd3-835c-4c17-882a-446d950d210f",
|
|
"indicator--59cd3bd3-5e9c-4b3c-a9a6-4d44950d210f",
|
|
"indicator--59cd3bd4-b7cc-440c-8adf-4853950d210f",
|
|
"observed-data--59cd3bd4-d6ac-48a1-800c-d001950d210f",
|
|
"network-traffic--59cd3bd4-d6ac-48a1-800c-d001950d210f",
|
|
"ipv4-addr--59cd3bd4-d6ac-48a1-800c-d001950d210f",
|
|
"indicator--59cd3bd4-fba0-44d6-a173-7255950d210f",
|
|
"indicator--59cd3bd5-c018-4b62-af1d-1b8e950d210f",
|
|
"observed-data--59cd3bd5-6830-4735-b1c7-4cad950d210f",
|
|
"network-traffic--59cd3bd5-6830-4735-b1c7-4cad950d210f",
|
|
"ipv4-addr--59cd3bd5-6830-4735-b1c7-4cad950d210f",
|
|
"indicator--59cd3bd6-b954-418e-813b-4c25950d210f",
|
|
"indicator--59cd3bd6-ddb0-45bd-a29e-4f3b950d210f",
|
|
"observed-data--59cd3bd7-8700-4c3e-8ee4-4a82950d210f",
|
|
"network-traffic--59cd3bd7-8700-4c3e-8ee4-4a82950d210f",
|
|
"ipv4-addr--59cd3bd7-8700-4c3e-8ee4-4a82950d210f",
|
|
"indicator--59cd3bd8-4aa4-4b9f-b9f4-723f950d210f",
|
|
"indicator--59cd3bd8-fa24-465c-bf07-d001950d210f",
|
|
"observed-data--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f",
|
|
"network-traffic--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f",
|
|
"ipv4-addr--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f",
|
|
"indicator--59cd3bd9-5988-4067-be19-4e50950d210f",
|
|
"indicator--59cd3bd9-6000-4bbe-b80d-4104950d210f",
|
|
"observed-data--59cd3bda-bf64-46f2-9852-4512950d210f",
|
|
"network-traffic--59cd3bda-bf64-46f2-9852-4512950d210f",
|
|
"ipv4-addr--59cd3bda-bf64-46f2-9852-4512950d210f",
|
|
"indicator--59cd3bda-b610-4635-8e3b-4edf950d210f",
|
|
"indicator--59cd3bda-1448-454a-84b9-723f950d210f",
|
|
"observed-data--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f",
|
|
"network-traffic--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f",
|
|
"ipv4-addr--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f",
|
|
"indicator--59cd3bdb-4f70-4539-b1fd-7255950d210f",
|
|
"indicator--59cd3bdb-4060-4851-9760-1fad950d210f",
|
|
"observed-data--59cd3bdc-386c-4704-8855-403e950d210f",
|
|
"network-traffic--59cd3bdc-386c-4704-8855-403e950d210f",
|
|
"ipv4-addr--59cd3bdc-386c-4704-8855-403e950d210f",
|
|
"indicator--59cd3bdc-e398-4f71-8962-720b950d210f",
|
|
"indicator--59cd3bdc-cef8-4a4c-b69e-4e03950d210f",
|
|
"observed-data--59cd3bdd-ad74-42c1-a22e-4a37950d210f",
|
|
"network-traffic--59cd3bdd-ad74-42c1-a22e-4a37950d210f",
|
|
"ipv4-addr--59cd3bdd-ad74-42c1-a22e-4a37950d210f",
|
|
"indicator--59cd3bdd-c1f4-431d-a427-1e0c950d210f",
|
|
"indicator--59cd3bdd-8b08-4fb1-a08c-1fad950d210f",
|
|
"observed-data--59cd3bde-d588-408c-b16f-4cc6950d210f",
|
|
"network-traffic--59cd3bde-d588-408c-b16f-4cc6950d210f",
|
|
"ipv4-addr--59cd3bde-d588-408c-b16f-4cc6950d210f",
|
|
"indicator--59cd3bde-683c-45af-a108-720b950d210f",
|
|
"indicator--59cd3bde-93ec-47de-b432-4271950d210f",
|
|
"observed-data--59cd3bdf-cbfc-492a-86be-cdbd950d210f",
|
|
"network-traffic--59cd3bdf-cbfc-492a-86be-cdbd950d210f",
|
|
"ipv4-addr--59cd3bdf-cbfc-492a-86be-cdbd950d210f",
|
|
"indicator--59cd3bdf-86c8-45d3-8bd4-d001950d210f",
|
|
"indicator--59cd3be0-3a24-4902-b088-1e0c950d210f",
|
|
"observed-data--59cd3be0-41c4-4bb2-8026-4a94950d210f",
|
|
"network-traffic--59cd3be0-41c4-4bb2-8026-4a94950d210f",
|
|
"ipv4-addr--59cd3be0-41c4-4bb2-8026-4a94950d210f",
|
|
"indicator--59cd3be1-bb44-4afe-bc24-720b950d210f",
|
|
"indicator--59cd3be1-1978-49e6-b7e8-4b0d950d210f",
|
|
"observed-data--59cd3be1-634c-4a64-8dd0-4e8c950d210f",
|
|
"network-traffic--59cd3be1-634c-4a64-8dd0-4e8c950d210f",
|
|
"ipv4-addr--59cd3be1-634c-4a64-8dd0-4e8c950d210f",
|
|
"indicator--59cd3be2-3948-4c1c-90c9-4143950d210f",
|
|
"indicator--59cd3be2-d910-4698-a41b-1e0c950d210f",
|
|
"observed-data--59cd3be2-c43c-4add-ae1d-1fad950d210f",
|
|
"network-traffic--59cd3be2-c43c-4add-ae1d-1fad950d210f",
|
|
"ipv4-addr--59cd3be2-c43c-4add-ae1d-1fad950d210f",
|
|
"indicator--59cd3be2-cfd4-45e5-8f7d-4183950d210f",
|
|
"indicator--59cd3be3-3120-453d-ae46-49ed950d210f",
|
|
"observed-data--59cd3bf5-f130-4cca-81ee-474f950d210f",
|
|
"network-traffic--59cd3bf5-f130-4cca-81ee-474f950d210f",
|
|
"ipv4-addr--59cd3bf5-f130-4cca-81ee-474f950d210f",
|
|
"observed-data--59cd3bf6-13e4-49ee-8485-4a46950d210f",
|
|
"network-traffic--59cd3bf6-13e4-49ee-8485-4a46950d210f",
|
|
"ipv4-addr--59cd3bf6-13e4-49ee-8485-4a46950d210f",
|
|
"observed-data--59cd3bf6-fbac-4a9c-946c-4c6b950d210f",
|
|
"network-traffic--59cd3bf6-fbac-4a9c-946c-4c6b950d210f",
|
|
"ipv4-addr--59cd3bf6-fbac-4a9c-946c-4c6b950d210f",
|
|
"observed-data--59cd3bf7-251c-4871-b26e-723f950d210f",
|
|
"network-traffic--59cd3bf7-251c-4871-b26e-723f950d210f",
|
|
"ipv4-addr--59cd3bf7-251c-4871-b26e-723f950d210f",
|
|
"observed-data--59cd3bf7-fd74-4640-825a-4718950d210f",
|
|
"network-traffic--59cd3bf7-fd74-4640-825a-4718950d210f",
|
|
"ipv4-addr--59cd3bf7-fd74-4640-825a-4718950d210f",
|
|
"observed-data--59cd3bf7-e538-4aa7-b730-1e0c950d210f",
|
|
"network-traffic--59cd3bf7-e538-4aa7-b730-1e0c950d210f",
|
|
"ipv4-addr--59cd3bf7-e538-4aa7-b730-1e0c950d210f",
|
|
"observed-data--59cd3bf7-0078-4824-b45d-d001950d210f",
|
|
"network-traffic--59cd3bf7-0078-4824-b45d-d001950d210f",
|
|
"ipv4-addr--59cd3bf7-0078-4824-b45d-d001950d210f",
|
|
"observed-data--59cd3bf8-f87c-4d2e-9809-1fad950d210f",
|
|
"network-traffic--59cd3bf8-f87c-4d2e-9809-1fad950d210f",
|
|
"ipv4-addr--59cd3bf8-f87c-4d2e-9809-1fad950d210f",
|
|
"observed-data--59cd3bf8-8ea0-488d-a096-448e950d210f",
|
|
"network-traffic--59cd3bf8-8ea0-488d-a096-448e950d210f",
|
|
"ipv4-addr--59cd3bf8-8ea0-488d-a096-448e950d210f",
|
|
"observed-data--59cd3bf8-4890-4523-8173-7255950d210f",
|
|
"network-traffic--59cd3bf8-4890-4523-8173-7255950d210f",
|
|
"ipv4-addr--59cd3bf8-4890-4523-8173-7255950d210f",
|
|
"observed-data--59cd3bf9-214c-48ab-810d-48c4950d210f",
|
|
"network-traffic--59cd3bf9-214c-48ab-810d-48c4950d210f",
|
|
"ipv4-addr--59cd3bf9-214c-48ab-810d-48c4950d210f",
|
|
"observed-data--59cd3bf9-8474-44e3-878b-4ff5950d210f",
|
|
"network-traffic--59cd3bf9-8474-44e3-878b-4ff5950d210f",
|
|
"ipv4-addr--59cd3bf9-8474-44e3-878b-4ff5950d210f",
|
|
"observed-data--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f",
|
|
"network-traffic--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f",
|
|
"ipv4-addr--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f",
|
|
"observed-data--59cd3bfa-8ef8-4631-928d-4fc5950d210f",
|
|
"network-traffic--59cd3bfa-8ef8-4631-928d-4fc5950d210f",
|
|
"ipv4-addr--59cd3bfa-8ef8-4631-928d-4fc5950d210f",
|
|
"observed-data--59cd3bfa-578c-4d53-8ad5-4ef9950d210f",
|
|
"network-traffic--59cd3bfa-578c-4d53-8ad5-4ef9950d210f",
|
|
"ipv4-addr--59cd3bfa-578c-4d53-8ad5-4ef9950d210f",
|
|
"observed-data--59cd3bfa-ab30-4906-a6eb-720b950d210f",
|
|
"network-traffic--59cd3bfa-ab30-4906-a6eb-720b950d210f",
|
|
"ipv4-addr--59cd3bfa-ab30-4906-a6eb-720b950d210f",
|
|
"observed-data--59cd3bfa-fce0-409b-a01b-4fbf950d210f",
|
|
"network-traffic--59cd3bfa-fce0-409b-a01b-4fbf950d210f",
|
|
"ipv4-addr--59cd3bfa-fce0-409b-a01b-4fbf950d210f",
|
|
"observed-data--59cd3bfb-9180-498d-bd7f-4dbd950d210f",
|
|
"network-traffic--59cd3bfb-9180-498d-bd7f-4dbd950d210f",
|
|
"ipv4-addr--59cd3bfb-9180-498d-bd7f-4dbd950d210f",
|
|
"observed-data--59cd3bfb-d268-408e-9946-4aad950d210f",
|
|
"network-traffic--59cd3bfb-d268-408e-9946-4aad950d210f",
|
|
"ipv4-addr--59cd3bfb-d268-408e-9946-4aad950d210f",
|
|
"observed-data--59cd3bfb-72e8-4606-aceb-cdbd950d210f",
|
|
"network-traffic--59cd3bfb-72e8-4606-aceb-cdbd950d210f",
|
|
"ipv4-addr--59cd3bfb-72e8-4606-aceb-cdbd950d210f",
|
|
"observed-data--59cd3bfb-b5bc-4415-af53-4cde950d210f",
|
|
"network-traffic--59cd3bfb-b5bc-4415-af53-4cde950d210f",
|
|
"ipv4-addr--59cd3bfb-b5bc-4415-af53-4cde950d210f",
|
|
"observed-data--59cd3bfc-4374-4724-9742-48aa950d210f",
|
|
"network-traffic--59cd3bfc-4374-4724-9742-48aa950d210f",
|
|
"ipv4-addr--59cd3bfc-4374-4724-9742-48aa950d210f",
|
|
"observed-data--59cd3bfc-321c-4dcd-981a-4db2950d210f",
|
|
"network-traffic--59cd3bfc-321c-4dcd-981a-4db2950d210f",
|
|
"ipv4-addr--59cd3bfc-321c-4dcd-981a-4db2950d210f",
|
|
"observed-data--59cd3bfc-ff04-4fcc-b289-723f950d210f",
|
|
"network-traffic--59cd3bfc-ff04-4fcc-b289-723f950d210f",
|
|
"ipv4-addr--59cd3bfc-ff04-4fcc-b289-723f950d210f",
|
|
"observed-data--59cd3bfc-0ad8-470a-a6be-4351950d210f",
|
|
"network-traffic--59cd3bfc-0ad8-470a-a6be-4351950d210f",
|
|
"ipv4-addr--59cd3bfc-0ad8-470a-a6be-4351950d210f",
|
|
"observed-data--59cd3bfd-8508-44f2-b490-1e0c950d210f",
|
|
"network-traffic--59cd3bfd-8508-44f2-b490-1e0c950d210f",
|
|
"ipv4-addr--59cd3bfd-8508-44f2-b490-1e0c950d210f",
|
|
"observed-data--59cd3bfd-68d8-4ee4-a533-d001950d210f",
|
|
"network-traffic--59cd3bfd-68d8-4ee4-a533-d001950d210f",
|
|
"ipv4-addr--59cd3bfd-68d8-4ee4-a533-d001950d210f",
|
|
"observed-data--59cd3bfd-3918-4624-8689-1fad950d210f",
|
|
"network-traffic--59cd3bfd-3918-4624-8689-1fad950d210f",
|
|
"ipv4-addr--59cd3bfd-3918-4624-8689-1fad950d210f",
|
|
"indicator--59ce3688-b86c-4106-b72f-42c002de0b81",
|
|
"indicator--59ce3688-2090-4809-a5a3-4c2302de0b81",
|
|
"observed-data--59ce3688-0b74-49d6-bfee-40e802de0b81",
|
|
"url--59ce3688-0b74-49d6-bfee-40e802de0b81",
|
|
"indicator--59ce3688-8938-4ff0-aa78-437602de0b81",
|
|
"indicator--59ce3688-b5bc-4b37-b6ed-48d102de0b81",
|
|
"observed-data--59ce3688-debc-439a-92c8-4c1902de0b81",
|
|
"url--59ce3688-debc-439a-92c8-4c1902de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:tool=\"Trick Bot\"",
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
"misp-galaxy:ransomware=\"Locky\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b92-bb70-4a40-af6d-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '20a51bf0c489d3f2792cfae6ef4ee337']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b92-8e98-4293-84c4-7255950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c86b9c09258f31e1bca843e9c74a9049']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b93-0a1c-43d6-a4f0-427f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[url:value = 'http://ambrogiauto.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b93-8f5c-47d3-93de-d001950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[domain-name:value = 'ambrogiauto.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b93-405c-491f-8b97-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"first_observed": "2017-09-29T12:03:20Z",
|
|
"last_observed": "2017-09-29T12:03:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b93-405c-491f-8b97-1fad950d210f",
|
|
"ipv4-addr--59cd3b93-405c-491f-8b97-1fad950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b93-405c-491f-8b97-1fad950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b93-405c-491f-8b97-1fad950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b93-405c-491f-8b97-1fad950d210f",
|
|
"value": "89.96.90.17"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b94-d360-45db-be55-46c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[url:value = 'http://autoecoleathena.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b94-cfe0-4d54-8d85-4b1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[domain-name:value = 'autoecoleathena.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b94-8948-4541-98ab-4963950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"first_observed": "2017-09-29T12:03:20Z",
|
|
"last_observed": "2017-09-29T12:03:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b94-8948-4541-98ab-4963950d210f",
|
|
"ipv4-addr--59cd3b94-8948-4541-98ab-4963950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b94-8948-4541-98ab-4963950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b94-8948-4541-98ab-4963950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b94-8948-4541-98ab-4963950d210f",
|
|
"value": "193.227.248.241"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b95-2338-47d5-991c-cdbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[url:value = 'http://autoecoleboisdesroches.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b95-6f1c-41ad-9a42-7255950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[domain-name:value = 'autoecoleboisdesroches.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b96-9184-4a87-8862-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[url:value = 'http://autoecole-jeanpierre.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b96-fafc-4625-89e3-1b8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"pattern": "[domain-name:value = 'autoecole-jeanpierre.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b97-59c8-4ad2-9a5b-4bf1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://camerawind.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b97-2d00-42f3-8616-4397950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'camerawind.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b97-8c64-4381-b7b1-41eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b97-8c64-4381-b7b1-41eb950d210f",
|
|
"ipv4-addr--59cd3b97-8c64-4381-b7b1-41eb950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b97-8c64-4381-b7b1-41eb950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b97-8c64-4381-b7b1-41eb950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b97-8c64-4381-b7b1-41eb950d210f",
|
|
"value": "185.18.198.158"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b98-3fb4-48b5-941b-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://conlin-boats.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b98-d8b8-4b9f-85fa-cdbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'conlin-boats.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b98-e690-4938-935b-7255950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b98-e690-4938-935b-7255950d210f",
|
|
"ipv4-addr--59cd3b98-e690-4938-935b-7255950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b98-e690-4938-935b-7255950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b98-e690-4938-935b-7255950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b98-e690-4938-935b-7255950d210f",
|
|
"value": "208.73.32.82"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b99-a79c-4658-b709-d001950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://feng-lian.com.tw/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b99-c534-430a-813d-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'feng-lian.com.tw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b9a-23fc-464c-bd43-1b8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b9a-23fc-464c-bd43-1b8e950d210f",
|
|
"ipv4-addr--59cd3b9a-23fc-464c-bd43-1b8e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b9a-23fc-464c-bd43-1b8e950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b9a-23fc-464c-bd43-1b8e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b9a-23fc-464c-bd43-1b8e950d210f",
|
|
"value": "203.74.202.50"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9b-bd88-4d5f-973b-4485950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://flooringforyou.co.uk/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9b-9f0c-4d56-82e0-4294950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'flooringforyou.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b9b-3470-4bfd-bef8-4410950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b9b-3470-4bfd-bef8-4410950d210f",
|
|
"ipv4-addr--59cd3b9b-3470-4bfd-bef8-4410950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b9b-3470-4bfd-bef8-4410950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b9b-3470-4bfd-bef8-4410950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b9b-3470-4bfd-bef8-4410950d210f",
|
|
"value": "176.56.61.52"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9c-b288-49f1-ada8-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://fls-portal.co.uk/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9c-b56c-4846-b5f9-cdbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'fls-portal.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b9c-9240-4cf3-b165-4957950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b9c-9240-4cf3-b165-4957950d210f",
|
|
"ipv4-addr--59cd3b9c-9240-4cf3-b165-4957950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b9c-9240-4cf3-b165-4957950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b9c-9240-4cf3-b165-4957950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b9c-9240-4cf3-b165-4957950d210f",
|
|
"value": "109.108.149.65"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9d-1360-4b50-8996-1b8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://fmarson.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9d-dbf8-4307-83fa-48a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'fmarson.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b9d-cd44-4c8d-b71d-40d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b9d-cd44-4c8d-b71d-40d6950d210f",
|
|
"ipv4-addr--59cd3b9d-cd44-4c8d-b71d-40d6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b9d-cd44-4c8d-b71d-40d6950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b9d-cd44-4c8d-b71d-40d6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b9d-cd44-4c8d-b71d-40d6950d210f",
|
|
"value": "80.172.241.35"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9e-a13c-4fff-a657-49a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://freevillemusic.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9e-b9e4-489e-af9e-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'freevillemusic.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3b9f-9810-44be-9950-41a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3b9f-9810-44be-9950-41a3950d210f",
|
|
"ipv4-addr--59cd3b9f-9810-44be-9950-41a3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3b9f-9810-44be-9950-41a3950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3b9f-9810-44be-9950-41a3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3b9f-9810-44be-9950-41a3950d210f",
|
|
"value": "66.84.8.235"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9f-da90-41ff-9a2a-1b8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://geeks-online.de/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3b9f-f35c-4ffe-9231-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'geeks-online.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3ba0-0a34-4529-9bfc-43ac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3ba0-0a34-4529-9bfc-43ac950d210f",
|
|
"ipv4-addr--59cd3ba0-0a34-4529-9bfc-43ac950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3ba0-0a34-4529-9bfc-43ac950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3ba0-0a34-4529-9bfc-43ac950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3ba0-0a34-4529-9bfc-43ac950d210f",
|
|
"value": "78.46.92.133"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba0-50d8-4f4f-b074-4f00950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://givensplace.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba0-c534-4df9-ba25-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'givensplace.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3ba1-b9d8-4351-9965-7255950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3ba1-b9d8-4351-9965-7255950d210f",
|
|
"ipv4-addr--59cd3ba1-b9d8-4351-9965-7255950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3ba1-b9d8-4351-9965-7255950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3ba1-b9d8-4351-9965-7255950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3ba1-b9d8-4351-9965-7255950d210f",
|
|
"value": "69.90.148.231"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba2-e3f0-465f-9c23-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://jakuboweb.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba2-db40-4a9a-8416-4c7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'jakuboweb.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3ba2-b928-4344-aef0-4589950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3ba2-b928-4344-aef0-4589950d210f",
|
|
"ipv4-addr--59cd3ba2-b928-4344-aef0-4589950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3ba2-b928-4344-aef0-4589950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3ba2-b928-4344-aef0-4589950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3ba2-b928-4344-aef0-4589950d210f",
|
|
"value": "149.7.99.14"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba3-2198-48e4-95b4-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://jaysonmorrison.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba3-3758-4b71-9b2a-4026950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'jaysonmorrison.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3ba3-f394-4b12-8bbc-406d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3ba3-f394-4b12-8bbc-406d950d210f",
|
|
"ipv4-addr--59cd3ba3-f394-4b12-8bbc-406d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3ba3-f394-4b12-8bbc-406d950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3ba3-f394-4b12-8bbc-406d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3ba3-f394-4b12-8bbc-406d950d210f",
|
|
"value": "208.79.200.165"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba4-1dcc-4174-8d9a-4fef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://melting-potes.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba4-55e4-406d-ab26-4f61950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'melting-potes.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3ba4-dda4-4e63-b667-4b16950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3ba4-dda4-4e63-b667-4b16950d210f",
|
|
"ipv4-addr--59cd3ba4-dda4-4e63-b667-4b16950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3ba4-dda4-4e63-b667-4b16950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3ba4-dda4-4e63-b667-4b16950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3ba4-dda4-4e63-b667-4b16950d210f",
|
|
"value": "87.98.167.154"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba5-bed4-43d3-9b0c-720b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://patrickreeves.com/9hciunery8g']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba5-559c-4c88-8689-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'patrickreeves.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3ba5-2840-41b8-94bd-4873950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3ba5-2840-41b8-94bd-4873950d210f",
|
|
"ipv4-addr--59cd3ba5-2840-41b8-94bd-4873950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3ba5-2840-41b8-94bd-4873950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3ba5-2840-41b8-94bd-4873950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3ba5-2840-41b8-94bd-4873950d210f",
|
|
"value": "208.79.200.8"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba6-c910-462c-a8da-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://sherylbro.net/p66/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3ba6-ad48-49d0-b6a4-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'sherylbro.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bcd-b6a0-43c0-a628-413a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://americanbulldogradio.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bcd-7424-4f97-a4d9-46e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'americanbulldogradio.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bcd-48e0-4f67-ba89-42da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bcd-48e0-4f67-ba89-42da950d210f",
|
|
"ipv4-addr--59cd3bcd-48e0-4f67-ba89-42da950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bcd-48e0-4f67-ba89-42da950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bcd-48e0-4f67-ba89-42da950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bcd-48e0-4f67-ba89-42da950d210f",
|
|
"value": "50.31.160.160"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bce-5c40-4e7e-afd7-720b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://anarakdesert.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bce-12d0-47f2-a2cf-cdbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'anarakdesert.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bce-9718-47e8-8651-4ef8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bce-9718-47e8-8651-4ef8950d210f",
|
|
"ipv4-addr--59cd3bce-9718-47e8-8651-4ef8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bce-9718-47e8-8651-4ef8950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bce-9718-47e8-8651-4ef8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bce-9718-47e8-8651-4ef8950d210f",
|
|
"value": "205.204.66.82"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bcf-14a4-40d1-b950-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://asnsport-bg.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bcf-a07c-44de-8188-1b8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'asnsport-bg.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bd0-8dc4-4881-96bc-49bf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bd0-8dc4-4881-96bc-49bf950d210f",
|
|
"ipv4-addr--59cd3bd0-8dc4-4881-96bc-49bf950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bd0-8dc4-4881-96bc-49bf950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bd0-8dc4-4881-96bc-49bf950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bd0-8dc4-4881-96bc-49bf950d210f",
|
|
"value": "193.107.36.30"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd0-f248-4900-8238-403d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://astilleroscotnsa.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd0-09b4-486e-9167-41e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'astilleroscotnsa.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bd1-2f94-40c9-b0a9-4810950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bd1-2f94-40c9-b0a9-4810950d210f",
|
|
"ipv4-addr--59cd3bd1-2f94-40c9-b0a9-4810950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bd1-2f94-40c9-b0a9-4810950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bd1-2f94-40c9-b0a9-4810950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bd1-2f94-40c9-b0a9-4810950d210f",
|
|
"value": "109.234.84.109"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd1-1b58-4ce3-a311-4189950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://atlantarecyclingcenters.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd1-6ee4-4d76-beda-d001950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'atlantarecyclingcenters.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bd2-51d0-48cb-a223-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bd2-51d0-48cb-a223-1e0c950d210f",
|
|
"ipv4-addr--59cd3bd2-51d0-48cb-a223-1e0c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bd2-51d0-48cb-a223-1e0c950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bd2-51d0-48cb-a223-1e0c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bd2-51d0-48cb-a223-1e0c950d210f",
|
|
"value": "98.124.251.75"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd2-1928-4d4a-83ce-48c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://augustinechua.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd2-430c-48e5-9f97-43ed950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'augustinechua.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bd3-835c-4c17-882a-446d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bd3-835c-4c17-882a-446d950d210f",
|
|
"ipv4-addr--59cd3bd3-835c-4c17-882a-446d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bd3-835c-4c17-882a-446d950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bd3-835c-4c17-882a-446d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bd3-835c-4c17-882a-446d950d210f",
|
|
"value": "110.4.45.159"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd3-5e9c-4b3c-a9a6-4d44950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://classactionlawsuitnewscenter.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd4-b7cc-440c-8adf-4853950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'classactionlawsuitnewscenter.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bd4-d6ac-48a1-800c-d001950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bd4-d6ac-48a1-800c-d001950d210f",
|
|
"ipv4-addr--59cd3bd4-d6ac-48a1-800c-d001950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bd4-d6ac-48a1-800c-d001950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bd4-d6ac-48a1-800c-d001950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bd4-d6ac-48a1-800c-d001950d210f",
|
|
"value": "50.28.26.10"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd4-fba0-44d6-a173-7255950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://davidstephensbanjo.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd5-c018-4b62-af1d-1b8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'davidstephensbanjo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bd5-6830-4735-b1c7-4cad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bd5-6830-4735-b1c7-4cad950d210f",
|
|
"ipv4-addr--59cd3bd5-6830-4735-b1c7-4cad950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bd5-6830-4735-b1c7-4cad950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bd5-6830-4735-b1c7-4cad950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bd5-6830-4735-b1c7-4cad950d210f",
|
|
"value": "63.247.137.98"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd6-b954-418e-813b-4c25950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[url:value = 'http://essenza.co.id/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd6-ddb0-45bd-a29e-4f3b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"pattern": "[domain-name:value = 'essenza.co.id']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bd7-8700-4c3e-8ee4-4a82950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:19.000Z",
|
|
"modified": "2017-09-29T12:03:19.000Z",
|
|
"first_observed": "2017-09-29T12:03:19Z",
|
|
"last_observed": "2017-09-29T12:03:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bd7-8700-4c3e-8ee4-4a82950d210f",
|
|
"ipv4-addr--59cd3bd7-8700-4c3e-8ee4-4a82950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bd7-8700-4c3e-8ee4-4a82950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bd7-8700-4c3e-8ee4-4a82950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bd7-8700-4c3e-8ee4-4a82950d210f",
|
|
"value": "202.169.44.141"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd8-4aa4-4b9f-b9f4-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://evlilikpsikolojisi.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd8-fa24-465c-bf07-d001950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'evlilikpsikolojisi.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f",
|
|
"ipv4-addr--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bd8-7cdc-445e-aeb7-1e0c950d210f",
|
|
"value": "178.210.175.13"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd9-5988-4067-be19-4e50950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://e-westchesterpropertytax.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bd9-6000-4bbe-b80d-4104950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'e-westchesterpropertytax.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bda-bf64-46f2-9852-4512950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bda-bf64-46f2-9852-4512950d210f",
|
|
"ipv4-addr--59cd3bda-bf64-46f2-9852-4512950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bda-bf64-46f2-9852-4512950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bda-bf64-46f2-9852-4512950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bda-bf64-46f2-9852-4512950d210f",
|
|
"value": "63.247.142.80"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bda-b610-4635-8e3b-4edf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://felicesfiestas.com.mx/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bda-1448-454a-84b9-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'felicesfiestas.com.mx']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f",
|
|
"ipv4-addr--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bdb-0ed4-40a9-a62f-4b1d950d210f",
|
|
"value": "208.79.200.63"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bdb-4f70-4539-b1fd-7255950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://financeforautos.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bdb-4060-4851-9760-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'financeforautos.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bdc-386c-4704-8855-403e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bdc-386c-4704-8855-403e950d210f",
|
|
"ipv4-addr--59cd3bdc-386c-4704-8855-403e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bdc-386c-4704-8855-403e950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bdc-386c-4704-8855-403e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bdc-386c-4704-8855-403e950d210f",
|
|
"value": "72.4.145.228"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bdc-e398-4f71-8962-720b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://fincasoroel.es/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bdc-cef8-4a4c-b69e-4e03950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'fincasoroel.es']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bdd-ad74-42c1-a22e-4a37950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bdd-ad74-42c1-a22e-4a37950d210f",
|
|
"ipv4-addr--59cd3bdd-ad74-42c1-a22e-4a37950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bdd-ad74-42c1-a22e-4a37950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bdd-ad74-42c1-a22e-4a37950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bdd-ad74-42c1-a22e-4a37950d210f",
|
|
"value": "89.140.72.171"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bdd-c1f4-431d-a427-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://kailanisilks.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bdd-8b08-4fb1-a08c-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'kailanisilks.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bde-d588-408c-b16f-4cc6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bde-d588-408c-b16f-4cc6950d210f",
|
|
"ipv4-addr--59cd3bde-d588-408c-b16f-4cc6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bde-d588-408c-b16f-4cc6950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bde-d588-408c-b16f-4cc6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bde-d588-408c-b16f-4cc6950d210f",
|
|
"value": "70.39.149.97"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bde-683c-45af-a108-720b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://mediatrendsistem.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bde-93ec-47de-b432-4271950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'mediatrendsistem.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bdf-cbfc-492a-86be-cdbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bdf-cbfc-492a-86be-cdbd950d210f",
|
|
"ipv4-addr--59cd3bdf-cbfc-492a-86be-cdbd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bdf-cbfc-492a-86be-cdbd950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bdf-cbfc-492a-86be-cdbd950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bdf-cbfc-492a-86be-cdbd950d210f",
|
|
"value": "178.212.207.6"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3bdf-86c8-45d3-8bd4-d001950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://modaintensa.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3be0-3a24-4902-b088-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'modaintensa.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3be0-41c4-4bb2-8026-4a94950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3be0-41c4-4bb2-8026-4a94950d210f",
|
|
"ipv4-addr--59cd3be0-41c4-4bb2-8026-4a94950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3be0-41c4-4bb2-8026-4a94950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3be0-41c4-4bb2-8026-4a94950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3be0-41c4-4bb2-8026-4a94950d210f",
|
|
"value": "192.99.35.71"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3be1-bb44-4afe-bc24-720b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://mtblanc-let.co.uk/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3be1-1978-49e6-b7e8-4b0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'mtblanc-let.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3be1-634c-4a64-8dd0-4e8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3be1-634c-4a64-8dd0-4e8c950d210f",
|
|
"ipv4-addr--59cd3be1-634c-4a64-8dd0-4e8c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3be1-634c-4a64-8dd0-4e8c950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3be1-634c-4a64-8dd0-4e8c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3be1-634c-4a64-8dd0-4e8c950d210f",
|
|
"value": "217.199.175.27"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3be2-3948-4c1c-90c9-4143950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://plumanns.com/LUYTbjnrf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3be2-d910-4698-a41b-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'plumanns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3be2-c43c-4add-ae1d-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3be2-c43c-4add-ae1d-1fad950d210f",
|
|
"ipv4-addr--59cd3be2-c43c-4add-ae1d-1fad950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3be2-c43c-4add-ae1d-1fad950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3be2-c43c-4add-ae1d-1fad950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3be2-c43c-4add-ae1d-1fad950d210f",
|
|
"value": "217.160.224.147"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3be2-cfd4-45e5-8f7d-4183950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[url:value = 'http://poemsan.info/p66/d8743fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59cd3be3-3120-453d-ae46-49ed950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"pattern": "[domain-name:value = 'poemsan.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf5-f130-4cca-81ee-474f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf5-f130-4cca-81ee-474f950d210f",
|
|
"ipv4-addr--59cd3bf5-f130-4cca-81ee-474f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf5-f130-4cca-81ee-474f950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf5-f130-4cca-81ee-474f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf5-f130-4cca-81ee-474f950d210f",
|
|
"value": "91.83.88.51"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf6-13e4-49ee-8485-4a46950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf6-13e4-49ee-8485-4a46950d210f",
|
|
"ipv4-addr--59cd3bf6-13e4-49ee-8485-4a46950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf6-13e4-49ee-8485-4a46950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf6-13e4-49ee-8485-4a46950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf6-13e4-49ee-8485-4a46950d210f",
|
|
"value": "89.231.13.38"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf6-fbac-4a9c-946c-4c6b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf6-fbac-4a9c-946c-4c6b950d210f",
|
|
"ipv4-addr--59cd3bf6-fbac-4a9c-946c-4c6b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf6-fbac-4a9c-946c-4c6b950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf6-fbac-4a9c-946c-4c6b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf6-fbac-4a9c-946c-4c6b950d210f",
|
|
"value": "94.75.77.162"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf7-251c-4871-b26e-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf7-251c-4871-b26e-723f950d210f",
|
|
"ipv4-addr--59cd3bf7-251c-4871-b26e-723f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf7-251c-4871-b26e-723f950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf7-251c-4871-b26e-723f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf7-251c-4871-b26e-723f950d210f",
|
|
"value": "194.87.103.36"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf7-fd74-4640-825a-4718950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf7-fd74-4640-825a-4718950d210f",
|
|
"ipv4-addr--59cd3bf7-fd74-4640-825a-4718950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf7-fd74-4640-825a-4718950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf7-fd74-4640-825a-4718950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf7-fd74-4640-825a-4718950d210f",
|
|
"value": "5.45.86.128"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf7-e538-4aa7-b730-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf7-e538-4aa7-b730-1e0c950d210f",
|
|
"ipv4-addr--59cd3bf7-e538-4aa7-b730-1e0c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf7-e538-4aa7-b730-1e0c950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf7-e538-4aa7-b730-1e0c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf7-e538-4aa7-b730-1e0c950d210f",
|
|
"value": "195.133.48.187"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf7-0078-4824-b45d-d001950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf7-0078-4824-b45d-d001950d210f",
|
|
"ipv4-addr--59cd3bf7-0078-4824-b45d-d001950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf7-0078-4824-b45d-d001950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf7-0078-4824-b45d-d001950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf7-0078-4824-b45d-d001950d210f",
|
|
"value": "194.87.147.212"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf8-f87c-4d2e-9809-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf8-f87c-4d2e-9809-1fad950d210f",
|
|
"ipv4-addr--59cd3bf8-f87c-4d2e-9809-1fad950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf8-f87c-4d2e-9809-1fad950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf8-f87c-4d2e-9809-1fad950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf8-f87c-4d2e-9809-1fad950d210f",
|
|
"value": "5.45.84.9"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf8-8ea0-488d-a096-448e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf8-8ea0-488d-a096-448e950d210f",
|
|
"ipv4-addr--59cd3bf8-8ea0-488d-a096-448e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf8-8ea0-488d-a096-448e950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf8-8ea0-488d-a096-448e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf8-8ea0-488d-a096-448e950d210f",
|
|
"value": "185.158.115.72"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf8-4890-4523-8173-7255950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf8-4890-4523-8173-7255950d210f",
|
|
"ipv4-addr--59cd3bf8-4890-4523-8173-7255950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf8-4890-4523-8173-7255950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf8-4890-4523-8173-7255950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf8-4890-4523-8173-7255950d210f",
|
|
"value": "194.87.145.40"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf9-214c-48ab-810d-48c4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf9-214c-48ab-810d-48c4950d210f",
|
|
"ipv4-addr--59cd3bf9-214c-48ab-810d-48c4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf9-214c-48ab-810d-48c4950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf9-214c-48ab-810d-48c4950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf9-214c-48ab-810d-48c4950d210f",
|
|
"value": "185.158.112.67"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf9-8474-44e3-878b-4ff5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf9-8474-44e3-878b-4ff5950d210f",
|
|
"ipv4-addr--59cd3bf9-8474-44e3-878b-4ff5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf9-8474-44e3-878b-4ff5950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf9-8474-44e3-878b-4ff5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf9-8474-44e3-878b-4ff5950d210f",
|
|
"value": "195.133.48.38"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f",
|
|
"ipv4-addr--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bf9-64c4-4f6f-bc35-1b8e950d210f",
|
|
"value": "194.87.102.225"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfa-8ef8-4631-928d-4fc5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfa-8ef8-4631-928d-4fc5950d210f",
|
|
"ipv4-addr--59cd3bfa-8ef8-4631-928d-4fc5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfa-8ef8-4631-928d-4fc5950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfa-8ef8-4631-928d-4fc5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfa-8ef8-4631-928d-4fc5950d210f",
|
|
"value": "5.45.67.36"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfa-578c-4d53-8ad5-4ef9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfa-578c-4d53-8ad5-4ef9950d210f",
|
|
"ipv4-addr--59cd3bfa-578c-4d53-8ad5-4ef9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfa-578c-4d53-8ad5-4ef9950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfa-578c-4d53-8ad5-4ef9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfa-578c-4d53-8ad5-4ef9950d210f",
|
|
"value": "194.87.144.198"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfa-ab30-4906-a6eb-720b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfa-ab30-4906-a6eb-720b950d210f",
|
|
"ipv4-addr--59cd3bfa-ab30-4906-a6eb-720b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfa-ab30-4906-a6eb-720b950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfa-ab30-4906-a6eb-720b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfa-ab30-4906-a6eb-720b950d210f",
|
|
"value": "94.242.206.172"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfa-fce0-409b-a01b-4fbf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfa-fce0-409b-a01b-4fbf950d210f",
|
|
"ipv4-addr--59cd3bfa-fce0-409b-a01b-4fbf950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfa-fce0-409b-a01b-4fbf950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfa-fce0-409b-a01b-4fbf950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfa-fce0-409b-a01b-4fbf950d210f",
|
|
"value": "194.87.236.228"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfb-9180-498d-bd7f-4dbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfb-9180-498d-bd7f-4dbd950d210f",
|
|
"ipv4-addr--59cd3bfb-9180-498d-bd7f-4dbd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfb-9180-498d-bd7f-4dbd950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfb-9180-498d-bd7f-4dbd950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfb-9180-498d-bd7f-4dbd950d210f",
|
|
"value": "194.87.92.30"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfb-d268-408e-9946-4aad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfb-d268-408e-9946-4aad950d210f",
|
|
"ipv4-addr--59cd3bfb-d268-408e-9946-4aad950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfb-d268-408e-9946-4aad950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfb-d268-408e-9946-4aad950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfb-d268-408e-9946-4aad950d210f",
|
|
"value": "185.158.115.7"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfb-72e8-4606-aceb-cdbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfb-72e8-4606-aceb-cdbd950d210f",
|
|
"ipv4-addr--59cd3bfb-72e8-4606-aceb-cdbd950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfb-72e8-4606-aceb-cdbd950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfb-72e8-4606-aceb-cdbd950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfb-72e8-4606-aceb-cdbd950d210f",
|
|
"value": "195.133.145.96"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfb-b5bc-4415-af53-4cde950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfb-b5bc-4415-af53-4cde950d210f",
|
|
"ipv4-addr--59cd3bfb-b5bc-4415-af53-4cde950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfb-b5bc-4415-af53-4cde950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfb-b5bc-4415-af53-4cde950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfb-b5bc-4415-af53-4cde950d210f",
|
|
"value": "195.133.49.157"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfc-4374-4724-9742-48aa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfc-4374-4724-9742-48aa950d210f",
|
|
"ipv4-addr--59cd3bfc-4374-4724-9742-48aa950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfc-4374-4724-9742-48aa950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfc-4374-4724-9742-48aa950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfc-4374-4724-9742-48aa950d210f",
|
|
"value": "46.249.59.97"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfc-321c-4dcd-981a-4db2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfc-321c-4dcd-981a-4db2950d210f",
|
|
"ipv4-addr--59cd3bfc-321c-4dcd-981a-4db2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfc-321c-4dcd-981a-4db2950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfc-321c-4dcd-981a-4db2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfc-321c-4dcd-981a-4db2950d210f",
|
|
"value": "185.158.115.62"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfc-ff04-4fcc-b289-723f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfc-ff04-4fcc-b289-723f950d210f",
|
|
"ipv4-addr--59cd3bfc-ff04-4fcc-b289-723f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfc-ff04-4fcc-b289-723f950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfc-ff04-4fcc-b289-723f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfc-ff04-4fcc-b289-723f950d210f",
|
|
"value": "138.201.44.28"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfc-0ad8-470a-a6be-4351950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfc-0ad8-470a-a6be-4351950d210f",
|
|
"ipv4-addr--59cd3bfc-0ad8-470a-a6be-4351950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfc-0ad8-470a-a6be-4351950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfc-0ad8-470a-a6be-4351950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfc-0ad8-470a-a6be-4351950d210f",
|
|
"value": "217.182.226.168"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfd-8508-44f2-b490-1e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfd-8508-44f2-b490-1e0c950d210f",
|
|
"ipv4-addr--59cd3bfd-8508-44f2-b490-1e0c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfd-8508-44f2-b490-1e0c950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfd-8508-44f2-b490-1e0c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfd-8508-44f2-b490-1e0c950d210f",
|
|
"value": "195.133.48.152"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfd-68d8-4ee4-a533-d001950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:18.000Z",
|
|
"modified": "2017-09-29T12:03:18.000Z",
|
|
"first_observed": "2017-09-29T12:03:18Z",
|
|
"last_observed": "2017-09-29T12:03:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfd-68d8-4ee4-a533-d001950d210f",
|
|
"ipv4-addr--59cd3bfd-68d8-4ee4-a533-d001950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfd-68d8-4ee4-a533-d001950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfd-68d8-4ee4-a533-d001950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfd-68d8-4ee4-a533-d001950d210f",
|
|
"value": "194.87.234.90"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59cd3bfd-3918-4624-8689-1fad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:17.000Z",
|
|
"modified": "2017-09-29T12:03:17.000Z",
|
|
"first_observed": "2017-09-29T12:03:17Z",
|
|
"last_observed": "2017-09-29T12:03:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59cd3bfd-3918-4624-8689-1fad950d210f",
|
|
"ipv4-addr--59cd3bfd-3918-4624-8689-1fad950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59cd3bfd-3918-4624-8689-1fad950d210f",
|
|
"dst_ref": "ipv4-addr--59cd3bfd-3918-4624-8689-1fad950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59cd3bfd-3918-4624-8689-1fad950d210f",
|
|
"value": "217.182.226.165"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ce3688-b86c-4106-b72f-42c002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"description": "- Xchecked via VT: c86b9c09258f31e1bca843e9c74a9049",
|
|
"pattern": "[file:hashes.SHA256 = '4a4491a5daa0b8c0d4e694601cbb860e0e069356b83e2f6ea215be758f533f1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ce3688-2090-4809-a5a3-4c2302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"description": "- Xchecked via VT: c86b9c09258f31e1bca843e9c74a9049",
|
|
"pattern": "[file:hashes.SHA1 = '3db124b9ed6064be9389f089b3168747311419a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ce3688-0b74-49d6-bfee-40e802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"first_observed": "2017-09-29T12:03:20Z",
|
|
"last_observed": "2017-09-29T12:03:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ce3688-0b74-49d6-bfee-40e802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ce3688-0b74-49d6-bfee-40e802de0b81",
|
|
"value": "https://www.virustotal.com/file/4a4491a5daa0b8c0d4e694601cbb860e0e069356b83e2f6ea215be758f533f1e/analysis/1506659811/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ce3688-8938-4ff0-aa78-437602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"description": "- Xchecked via VT: 20a51bf0c489d3f2792cfae6ef4ee337",
|
|
"pattern": "[file:hashes.SHA256 = '01e771dc6cf9572eac3d87120d7a7d1ff95fdc1499b668c7fde2919e0f685256']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ce3688-b5bc-4b37-b6ed-48d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"description": "- Xchecked via VT: 20a51bf0c489d3f2792cfae6ef4ee337",
|
|
"pattern": "[file:hashes.SHA1 = 'c5270e39548d9259b421ad5e94f3e8ebdd2f1cf5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-29T12:03:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ce3688-debc-439a-92c8-4c1902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-29T12:03:20.000Z",
|
|
"modified": "2017-09-29T12:03:20.000Z",
|
|
"first_observed": "2017-09-29T12:03:20Z",
|
|
"last_observed": "2017-09-29T12:03:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59ce3688-debc-439a-92c8-4c1902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59ce3688-debc-439a-92c8-4c1902de0b81",
|
|
"value": "https://www.virustotal.com/file/01e771dc6cf9572eac3d87120d7a7d1ff95fdc1499b668c7fde2919e0f685256/analysis/1506681763/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |