{
|
|
"type": "bundle",
|
|
"id": "bundle--59ddbaf9-3874-405c-b2e7-4770950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:56.000Z",
|
|
"modified": "2017-10-12T17:36:56.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--59ddbaf9-3874-405c-b2e7-4770950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:56.000Z",
|
|
"modified": "2017-10-12T17:36:56.000Z",
|
|
"name": "M2M - Locky 2017-10-10 : Affid=3, offline, \".asasin\" : \"Voicemail From 845-551-1234\" - \"VMSG12345678_20171010.7z\"",
|
|
"published": "2017-10-12T17:40:39Z",
|
|
"object_refs": [
|
|
"indicator--59ddbafa-ae58-4bdd-93e5-4f83950d210f",
|
|
"indicator--59ddbafa-9554-4127-b998-4b20950d210f",
|
|
"indicator--59ddbafa-290c-436b-be26-4b6e950d210f",
|
|
"observed-data--59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
|
|
"network-traffic--59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
|
|
"ipv4-addr--59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
|
|
"indicator--59ddbafb-d924-4a3d-9ebc-4d02950d210f",
|
|
"indicator--59ddbafb-2450-4fa7-916d-4a83950d210f",
|
|
"observed-data--59ddbafb-ee64-40a0-a18f-31f8950d210f",
|
|
"network-traffic--59ddbafb-ee64-40a0-a18f-31f8950d210f",
|
|
"ipv4-addr--59ddbafb-ee64-40a0-a18f-31f8950d210f",
|
|
"indicator--59ddbafb-df8c-47e5-9dd2-4fe9950d210f",
|
|
"indicator--59ddbafc-a27c-483c-a0c4-4de7950d210f",
|
|
"observed-data--59ddbafc-cf64-49fa-ba16-403d950d210f",
|
|
"network-traffic--59ddbafc-cf64-49fa-ba16-403d950d210f",
|
|
"ipv4-addr--59ddbafc-cf64-49fa-ba16-403d950d210f",
|
|
"indicator--59ddbafc-dc84-4cb1-aac0-6211950d210f",
|
|
"indicator--59ddbafc-2528-4a3f-ad70-096f950d210f",
|
|
"observed-data--59ddbaff-0390-4b26-aae3-b4e9950d210f",
|
|
"network-traffic--59ddbaff-0390-4b26-aae3-b4e9950d210f",
|
|
"ipv4-addr--59ddbaff-0390-4b26-aae3-b4e9950d210f",
|
|
"indicator--59ddbb00-ba20-48ab-91e6-4fc3950d210f",
|
|
"indicator--59ddbb00-bec0-4b82-9c45-4ee1950d210f",
|
|
"observed-data--59ddbb00-1c58-4fc5-b0c2-4150950d210f",
|
|
"network-traffic--59ddbb00-1c58-4fc5-b0c2-4150950d210f",
|
|
"ipv4-addr--59ddbb00-1c58-4fc5-b0c2-4150950d210f",
|
|
"indicator--59ddbb00-6228-4348-b57c-4590950d210f",
|
|
"indicator--59ddbb00-d0c4-45a0-b06a-4e64950d210f",
|
|
"observed-data--59ddbb01-a6c4-4ddd-9292-4183950d210f",
|
|
"network-traffic--59ddbb01-a6c4-4ddd-9292-4183950d210f",
|
|
"ipv4-addr--59ddbb01-a6c4-4ddd-9292-4183950d210f",
|
|
"indicator--59ddbb01-4d24-44e2-9e27-61c1950d210f",
|
|
"indicator--59ddbb01-7354-4c61-b480-41f3950d210f",
|
|
"observed-data--59ddbb02-5cc4-41df-b08c-b4e9950d210f",
|
|
"network-traffic--59ddbb02-5cc4-41df-b08c-b4e9950d210f",
|
|
"ipv4-addr--59ddbb02-5cc4-41df-b08c-b4e9950d210f",
|
|
"indicator--59ddbb02-1800-4a39-8303-4e09950d210f",
|
|
"indicator--59ddbb02-b064-432a-a5a5-4374950d210f",
|
|
"observed-data--59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
|
|
"network-traffic--59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
|
|
"ipv4-addr--59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
|
|
"indicator--59ddbb03-7bf4-46fa-ac8f-479c950d210f",
|
|
"indicator--59ddbb03-3ecc-4b7a-9a0c-6211950d210f",
|
|
"observed-data--59ddbb03-68d0-4ce7-9d82-4a95950d210f",
|
|
"network-traffic--59ddbb03-68d0-4ce7-9d82-4a95950d210f",
|
|
"ipv4-addr--59ddbb03-68d0-4ce7-9d82-4a95950d210f",
|
|
"indicator--59ddbb03-9840-4d34-88cc-61c1950d210f",
|
|
"indicator--59ddbb04-ec1c-42b5-a97c-4fd8950d210f",
|
|
"observed-data--59ddbb04-5554-4d42-9027-b4e9950d210f",
|
|
"network-traffic--59ddbb04-5554-4d42-9027-b4e9950d210f",
|
|
"ipv4-addr--59ddbb04-5554-4d42-9027-b4e9950d210f",
|
|
"indicator--59ddbb04-c104-4f21-b82a-31f8950d210f",
|
|
"indicator--59ddbb04-72a8-4622-b662-4dc4950d210f",
|
|
"observed-data--59ddbb05-bd8c-498b-b4f6-470c950d210f",
|
|
"network-traffic--59ddbb05-bd8c-498b-b4f6-470c950d210f",
|
|
"ipv4-addr--59ddbb05-bd8c-498b-b4f6-470c950d210f",
|
|
"indicator--59ddbb05-b74c-4048-ae7d-4e7a950d210f",
|
|
"indicator--59ddbb05-55f0-439b-8cfc-6211950d210f",
|
|
"indicator--59ddbb06-f4ac-4d03-b7ca-61c1950d210f",
|
|
"indicator--59ddbb06-a7f4-408e-b861-4260950d210f",
|
|
"observed-data--59ddbb06-4a78-4e45-8a70-409a950d210f",
|
|
"network-traffic--59ddbb06-4a78-4e45-8a70-409a950d210f",
|
|
"ipv4-addr--59ddbb06-4a78-4e45-8a70-409a950d210f",
|
|
"indicator--59ddbb07-d698-450c-bf30-b4e9950d210f",
|
|
"indicator--59ddbb07-5648-44f3-bcf3-4b45950d210f",
|
|
"observed-data--59ddbb07-5b34-4f88-ae66-4248950d210f",
|
|
"network-traffic--59ddbb07-5b34-4f88-ae66-4248950d210f",
|
|
"ipv4-addr--59ddbb07-5b34-4f88-ae66-4248950d210f",
|
|
"indicator--59ddbb07-58d0-49b9-adca-4687950d210f",
|
|
"indicator--59ddbb08-7f8c-48c5-850b-6211950d210f",
|
|
"observed-data--59ddbb08-3ffc-4b6e-b985-4c25950d210f",
|
|
"network-traffic--59ddbb08-3ffc-4b6e-b985-4c25950d210f",
|
|
"ipv4-addr--59ddbb08-3ffc-4b6e-b985-4c25950d210f",
|
|
"indicator--59ddbb08-6f84-49b4-a0be-096f950d210f",
|
|
"indicator--59ddbb08-3724-4f77-b69f-494f950d210f",
|
|
"observed-data--59ddbb09-be44-43f1-a668-4ac6950d210f",
|
|
"network-traffic--59ddbb09-be44-43f1-a668-4ac6950d210f",
|
|
"ipv4-addr--59ddbb09-be44-43f1-a668-4ac6950d210f",
|
|
"indicator--59ddbb09-b674-4272-bef6-4391950d210f",
|
|
"indicator--59ddbb09-78dc-41cf-85c9-31f8950d210f",
|
|
"indicator--59dfa831-9e70-435a-816f-431802de0b81",
|
|
"indicator--59dfa831-eff4-475c-bd04-48e202de0b81",
|
|
"observed-data--59dfa831-efd4-4add-a72b-414502de0b81",
|
|
"url--59dfa831-efd4-4add-a72b-414502de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
"misp-galaxy:ransomware=\"Locky\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafa-ae58-4bdd-93e5-4f83950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:48.000Z",
|
|
"modified": "2017-10-12T17:36:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = '37c106c0d8e97fbe9ec10a037858ea23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafa-9554-4127-b998-4b20950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://alucmuhendislik.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafa-290c-436b-be26-4b6e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'alucmuhendislik.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
|
|
"ipv4-addr--59ddbafb-dfd4-47ce-9bf7-4b76950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
|
|
"value": "185.85.205.9"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafb-d924-4a3d-9ebc-4d02950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://atlantarecyclingcenters.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafb-2450-4fa7-916d-4a83950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'atlantarecyclingcenters.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbafb-ee64-40a0-a18f-31f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbafb-ee64-40a0-a18f-31f8950d210f",
|
|
"ipv4-addr--59ddbafb-ee64-40a0-a18f-31f8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbafb-ee64-40a0-a18f-31f8950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbafb-ee64-40a0-a18f-31f8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbafb-ee64-40a0-a18f-31f8950d210f",
|
|
"value": "98.124.251.75"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafb-df8c-47e5-9dd2-4fe9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://bit-chasers.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafc-a27c-483c-a0c4-4de7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'bit-chasers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbafc-cf64-49fa-ba16-403d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbafc-cf64-49fa-ba16-403d950d210f",
|
|
"ipv4-addr--59ddbafc-cf64-49fa-ba16-403d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbafc-cf64-49fa-ba16-403d950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbafc-cf64-49fa-ba16-403d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbafc-cf64-49fa-ba16-403d950d210f",
|
|
"value": "98.124.251.176"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafc-dc84-4cb1-aac0-6211950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://bjp.co.id/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbafc-2528-4a3f-ad70-096f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'bjp.co.id']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbaff-0390-4b26-aae3-b4e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbaff-0390-4b26-aae3-b4e9950d210f",
|
|
"ipv4-addr--59ddbaff-0390-4b26-aae3-b4e9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbaff-0390-4b26-aae3-b4e9950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbaff-0390-4b26-aae3-b4e9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbaff-0390-4b26-aae3-b4e9950d210f",
|
|
"value": "202.169.44.167"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb00-ba20-48ab-91e6-4fc3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://centurythis.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb00-bec0-4b82-9c45-4ee1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'centurythis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbb00-1c58-4fc5-b0c2-4150950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbb00-1c58-4fc5-b0c2-4150950d210f",
|
|
"ipv4-addr--59ddbb00-1c58-4fc5-b0c2-4150950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbb00-1c58-4fc5-b0c2-4150950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbb00-1c58-4fc5-b0c2-4150950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbb00-1c58-4fc5-b0c2-4150950d210f",
|
|
"value": "98.124.252.66"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb00-6228-4348-b57c-4590950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://estudiperceptiva.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb00-d0c4-45a0-b06a-4e64950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'estudiperceptiva.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbb01-a6c4-4ddd-9292-4183950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbb01-a6c4-4ddd-9292-4183950d210f",
|
|
"ipv4-addr--59ddbb01-a6c4-4ddd-9292-4183950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbb01-a6c4-4ddd-9292-4183950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbb01-a6c4-4ddd-9292-4183950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbb01-a6c4-4ddd-9292-4183950d210f",
|
|
"value": "86.109.170.66"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb01-4d24-44e2-9e27-61c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://handhi.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb01-7354-4c61-b480-41f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'handhi.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbb02-5cc4-41df-b08c-b4e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbb02-5cc4-41df-b08c-b4e9950d210f",
|
|
"ipv4-addr--59ddbb02-5cc4-41df-b08c-b4e9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbb02-5cc4-41df-b08c-b4e9950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbb02-5cc4-41df-b08c-b4e9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbb02-5cc4-41df-b08c-b4e9950d210f",
|
|
"value": "162.213.255.19"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb02-1800-4a39-8303-4e09950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://hellonwheelsthemovie.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb02-b064-432a-a5a5-4374950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'hellonwheelsthemovie.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
|
|
"ipv4-addr--59ddbb03-b66c-4d89-8b7b-4bc3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
|
|
"value": "66.36.165.149"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb03-7bf4-46fa-ac8f-479c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://hexacam.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb03-3ecc-4b7a-9a0c-6211950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'hexacam.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbb03-68d0-4ce7-9d82-4a95950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbb03-68d0-4ce7-9d82-4a95950d210f",
|
|
"ipv4-addr--59ddbb03-68d0-4ce7-9d82-4a95950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbb03-68d0-4ce7-9d82-4a95950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbb03-68d0-4ce7-9d82-4a95950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbb03-68d0-4ce7-9d82-4a95950d210f",
|
|
"value": "98.124.251.65"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb03-9840-4d34-88cc-61c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://logica-info.com/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb04-ec1c-42b5-a97c-4fd8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'logica-info.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59ddbb04-5554-4d42-9027-b4e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"first_observed": "2017-10-12T17:36:49Z",
|
|
"last_observed": "2017-10-12T17:36:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59ddbb04-5554-4d42-9027-b4e9950d210f",
|
|
"ipv4-addr--59ddbb04-5554-4d42-9027-b4e9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59ddbb04-5554-4d42-9027-b4e9950d210f",
|
|
"dst_ref": "ipv4-addr--59ddbb04-5554-4d42-9027-b4e9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59ddbb04-5554-4d42-9027-b4e9950d210f",
|
|
"value": "202.169.44.143"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb04-c104-4f21-b82a-31f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[url:value = 'http://mh-service.ru/njhgftrf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59ddbb04-72a8-4622-b662-4dc4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-10-12T17:36:49.000Z",
|
|
"modified": "2017-10-12T17:36:49.000Z",
|
|
"pattern": "[domain-name:value = 'mh-service.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-10-12T17:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb05-bd8c-498b-b4f6-470c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"first_observed": "2017-10-12T17:36:49Z",
"last_observed": "2017-10-12T17:36:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb05-bd8c-498b-b4f6-470c950d210f",
"ipv4-addr--59ddbb05-bd8c-498b-b4f6-470c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb05-bd8c-498b-b4f6-470c950d210f",
"dst_ref": "ipv4-addr--59ddbb05-bd8c-498b-b4f6-470c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb05-bd8c-498b-b4f6-470c950d210f",
"value": "89.253.235.118"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb05-b74c-4048-ae7d-4e7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[url:value = 'http://miamirecyclecenters.com/njhgftrf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb05-55f0-439b-8cfc-6211950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[domain-name:value = 'miamirecyclecenters.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb06-f4ac-4d03-b7ca-61c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[url:value = 'http://monstermx.com/njhgftrf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb06-a7f4-408e-b861-4260950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[domain-name:value = 'monstermx.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb06-4a78-4e45-8a70-409a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"first_observed": "2017-10-12T17:36:49Z",
"last_observed": "2017-10-12T17:36:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb06-4a78-4e45-8a70-409a950d210f",
"ipv4-addr--59ddbb06-4a78-4e45-8a70-409a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb06-4a78-4e45-8a70-409a950d210f",
"dst_ref": "ipv4-addr--59ddbb06-4a78-4e45-8a70-409a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb06-4a78-4e45-8a70-409a950d210f",
"value": "107.152.98.20"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb07-d698-450c-bf30-b4e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[url:value = 'http://m-tensou.net/njhgftrf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb07-5648-44f3-bcf3-4b45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[domain-name:value = 'm-tensou.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb07-5b34-4f88-ae66-4248950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"first_observed": "2017-10-12T17:36:49Z",
"last_observed": "2017-10-12T17:36:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb07-5b34-4f88-ae66-4248950d210f",
"ipv4-addr--59ddbb07-5b34-4f88-ae66-4248950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb07-5b34-4f88-ae66-4248950d210f",
"dst_ref": "ipv4-addr--59ddbb07-5b34-4f88-ae66-4248950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb07-5b34-4f88-ae66-4248950d210f",
"value": "202.218.252.73"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb07-58d0-49b9-adca-4687950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[url:value = 'http://paulcruse.com/njhgftrf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb08-7f8c-48c5-850b-6211950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[domain-name:value = 'paulcruse.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb08-3ffc-4b6e-b985-4c25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"first_observed": "2017-10-12T17:36:49Z",
"last_observed": "2017-10-12T17:36:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb08-3ffc-4b6e-b985-4c25950d210f",
"ipv4-addr--59ddbb08-3ffc-4b6e-b985-4c25950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb08-3ffc-4b6e-b985-4c25950d210f",
"dst_ref": "ipv4-addr--59ddbb08-3ffc-4b6e-b985-4c25950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb08-3ffc-4b6e-b985-4c25950d210f",
"value": "91.215.186.147"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb08-6f84-49b4-a0be-096f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[url:value = 'http://suncoastot.com/njhgftrf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb08-3724-4f77-b69f-494f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[domain-name:value = 'suncoastot.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb09-be44-43f1-a668-4ac6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"first_observed": "2017-10-12T17:36:49Z",
"last_observed": "2017-10-12T17:36:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb09-be44-43f1-a668-4ac6950d210f",
"ipv4-addr--59ddbb09-be44-43f1-a668-4ac6950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb09-be44-43f1-a668-4ac6950d210f",
"dst_ref": "ipv4-addr--59ddbb09-be44-43f1-a668-4ac6950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb09-be44-43f1-a668-4ac6950d210f",
"value": "98.124.252.176"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb09-b674-4272-bef6-4391950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[url:value = 'http://nsaflow.info/p66/njhgftrf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb09-78dc-41cf-85c9-31f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"pattern": "[domain-name:value = 'nsaflow.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa831-9e70-435a-816f-431802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"description": "- Xchecked via VT: 37c106c0d8e97fbe9ec10a037858ea23",
"pattern": "[file:hashes.SHA256 = 'a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa831-eff4-475c-bd04-48e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"description": "- Xchecked via VT: 37c106c0d8e97fbe9ec10a037858ea23",
"pattern": "[file:hashes.SHA1 = '27d90243d7289de58022850f98c5a0333e8da235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59dfa831-efd4-4add-a72b-414502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:36:49.000Z",
"modified": "2017-10-12T17:36:49.000Z",
"first_observed": "2017-10-12T17:36:49Z",
"last_observed": "2017-10-12T17:36:49Z",
"number_observed": 1,
"object_refs": [
"url--59dfa831-efd4-4add-a72b-414502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59dfa831-efd4-4add-a72b-414502de0b81",
"value": "https://www.virustotal.com/file/a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7/analysis/1507743716/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}