{
|
|
"type": "bundle",
|
|
"id": "bundle--5a015fbc-3218-4ec8-a4e5-4622950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-22T21:24:01.000Z",
|
|
"modified": "2017-11-22T21:24:01.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5a015fbc-3218-4ec8-a4e5-4622950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-22T21:24:01.000Z",
|
|
"modified": "2017-11-22T21:24:01.000Z",
|
|
"name": "OSINT - OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society",
|
|
"published": "2017-12-28T13:23:01Z",
|
|
"object_refs": [
|
|
"observed-data--5a015fde-71a4-4b05-972b-4cfe950d210f",
|
|
"url--5a015fde-71a4-4b05-972b-4cfe950d210f",
|
|
"x-misp-attribute--5a01600c-8a74-44df-a3f0-434b950d210f",
|
|
"indicator--5a016465-be78-4065-9553-434c950d210f",
|
|
"indicator--5a016465-17fc-4d5e-a695-4649950d210f",
|
|
"indicator--5a016465-e870-42df-a117-44fe950d210f",
|
|
"indicator--5a016465-781c-403d-9c5a-4ba5950d210f",
|
|
"indicator--5a0164d0-ea40-4479-b64b-470b950d210f",
|
|
"indicator--5a0164d0-2444-4a11-b873-4dac950d210f",
|
|
"indicator--5a0164d0-d4ac-4e59-a916-4866950d210f",
|
|
"indicator--5a0164d0-9770-4fd8-8862-4889950d210f",
|
|
"indicator--5a0164d0-ea18-4399-ae85-40dc950d210f",
|
|
"indicator--5a0164d0-3eb4-4504-951f-48ff950d210f",
|
|
"indicator--5a0164d0-43a0-438f-b5db-4286950d210f",
|
|
"indicator--5a0165e2-dff8-478d-9d06-4470950d210f",
|
|
"indicator--5a0165e2-78b4-4e4f-bdb7-46a3950d210f",
|
|
"indicator--5a0165e2-59bc-4169-b93c-4904950d210f",
|
|
"indicator--5a016605-4104-4b06-93ab-4bcb950d210f",
|
|
"indicator--5a016605-ad48-4efb-a0f0-4972950d210f",
|
|
"indicator--5a01662b-dee8-446d-b841-4011950d210f",
|
|
"indicator--5a01662b-c0fc-4eaf-8bc7-4873950d210f",
|
|
"indicator--5a0167fb-668c-4e55-9b2b-4336950d210f",
|
|
"indicator--5a016816-e234-46dc-927d-47f3950d210f",
|
|
"indicator--5a01683b-fa34-4e9c-b9ee-4170950d210f",
|
|
"indicator--5a01692c-b234-4560-8ff2-418e950d210f",
|
|
"indicator--5a01692c-7450-414a-83c4-442a950d210f",
|
|
"indicator--5a018549-d3e8-4157-a870-452d950d210f",
|
|
"indicator--5a017d76-bcd0-4731-a3af-4088950d210f",
|
|
"indicator--5a017de2-7cbc-4681-b527-4be0950d210f",
|
|
"indicator--5a017e0d-6040-4ac6-81cb-46f3950d210f",
|
|
"indicator--5a017e8b-7a68-4226-abac-0d33950d210f",
|
|
"indicator--5a017e9e-bf84-4203-bd90-0eb2950d210f",
|
|
"indicator--5a017ecf-d338-4c0e-82ed-459e950d210f",
|
|
"indicator--5a017ef7-2614-4aca-9e99-1703950d210f",
|
|
"indicator--5a017f1a-4ed4-4b6a-9be9-4325950d210f",
|
|
"indicator--5a018032-c934-4a40-8ecd-474a950d210f",
|
|
"indicator--5a01804c-f5f4-4d3d-9500-483a950d210f",
|
|
"indicator--5a01808b-1128-4b84-9613-45bd950d210f",
|
|
"indicator--5a0180ab-574c-4bb7-9de7-43f8950d210f",
|
|
"indicator--5a0180c7-4214-4ec2-b646-48ae950d210f",
|
|
"indicator--5a0180e4-946c-4205-8b20-0d8d950d210f",
|
|
"indicator--5a01811a-0d64-4ab9-b38e-40af950d210f",
|
|
"indicator--5a01813c-4ed0-4613-9fac-47ea950d210f",
|
|
"indicator--5a01818e-ce74-42d4-8113-4559950d210f",
|
|
"indicator--5a0181a4-5514-47c0-80cd-4ec7950d210f",
|
|
"indicator--5a0181bd-c558-40fb-8162-4cfa950d210f",
|
|
"indicator--5a01823d-e308-4c1e-a533-0eb2950d210f",
|
|
"indicator--5a018256-7ca4-429e-8842-4419950d210f",
|
|
"indicator--5a018272-5dbc-441f-a8a5-4d25950d210f",
|
|
"indicator--5a01828a-6370-4449-9de8-0ab1950d210f",
|
|
"indicator--5a0182af-e47c-4284-a567-487a950d210f",
|
|
"indicator--5a0183d8-9dc8-496a-a5b2-4681950d210f",
|
|
"indicator--5a0183f5-8144-446c-bfd2-425d950d210f",
|
|
"indicator--5a01845e-d6bc-49a5-be8f-4c76950d210f",
|
|
"indicator--5a018486-4088-4256-90f9-6986950d210f",
|
|
"indicator--5a0184b2-6714-47db-b3c4-0ab1950d210f",
|
|
"indicator--5a0184e9-de84-4278-adce-6995950d210f",
|
|
"indicator--5a01851a-4c40-41b6-a5ce-460e950d210f",
|
|
"indicator--5a018532-1c78-4347-ab34-49c8950d210f",
|
|
"indicator--5a018568-8b80-4ccf-a093-6bc1950d210f",
|
|
"indicator--5a0185f1-31d8-4801-8a7a-45ba950d210f",
|
|
"indicator--5a018611-d4f8-46b1-a553-4d8a950d210f",
|
|
"indicator--5a018625-d738-409f-bd65-6bc1950d210f",
|
|
"indicator--5a018639-8798-441f-955c-6bc1950d210f",
|
|
"indicator--5a018651-f3bc-4fea-b802-0ab1950d210f",
|
|
"indicator--5a018667-7df8-4954-a883-4ef1950d210f",
|
|
"indicator--5a018776-959c-496b-aa29-4840950d210f",
|
|
"indicator--5a018797-1064-4946-855d-0ab1950d210f",
|
|
"indicator--5a0187f0-d8e0-4745-9043-4572950d210f",
|
|
"indicator--5a018824-4bdc-45df-9260-6a36950d210f",
|
|
"indicator--5a018977-3c60-4952-bcd3-4826950d210f",
|
|
"indicator--5a018996-4060-4f22-aed8-6995950d210f",
|
|
"indicator--5a0189bc-5860-4bcf-af54-445f950d210f",
|
|
"indicator--5a0189d3-546c-494a-b9cc-6bc1950d210f",
|
|
"indicator--5a0189fa-7200-434b-9183-4336950d210f",
|
|
"indicator--5a018a1f-8458-40f4-9065-0d8d950d210f",
|
|
"indicator--5a018a37-0c94-40d9-9b07-42dd950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:threat-actor=\"APT32\"",
|
|
"type:OSINT",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a015fde-71a4-4b05-972b-4cfe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:26:23.000Z",
|
|
"modified": "2017-11-07T07:26:23.000Z",
|
|
"first_observed": "2017-11-07T07:26:23Z",
|
|
"last_observed": "2017-11-07T07:26:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a015fde-71a4-4b05-972b-4cfe950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a015fde-71a4-4b05-972b-4cfe950d210f",
|
|
"value": "https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5a01600c-8a74-44df-a3f0-434b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:26:15.000Z",
|
|
"modified": "2017-11-07T07:26:15.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "In May 2017, Volexity identified and started tracking a very sophisticated and extremely widespread mass digital surveillance and attack campaign targeting several Asian nations, the ASEAN organization, and hundreds of individuals and organizations tied to media, human rights and civil society causes. These attacks are being conducted through numerous strategically compromised websites and have occurred over several high-profile ASEAN summits. Volexity has tied this attack campaign to an advanced persistent threat (APT) group first identified as OceanLotus by SkyEye Labs in 2015. OceanLotus, also known as APT32, is believed to be a Vietnam-based APT group that has become increasingly sophisticated in its attack tactics, techniques, and procedures (TTPs). Volexity works closely with several human rights and civil society organizations. A few of these organizations have specifically been targeted by OceanLotus since early 2015. As a result, Volexity has been able to directly observe and investigate various attack campaigns."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a016465-be78-4065-9553-434c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:44:37.000Z",
|
|
"modified": "2017-11-07T07:44:37.000Z",
|
|
"description": "ASEAn Compromised Sites",
|
|
"pattern": "[url:value = 'sean.org/modules/aseanmail/js/wp-mailinglist.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:44:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a016465-17fc-4d5e-a695-4649950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:44:37.000Z",
|
|
"modified": "2017-11-07T07:44:37.000Z",
|
|
"description": "ASEAn Compromised Sites",
|
|
"pattern": "[url:value = 'asean.org/modules/wordpress-popup/inc/external/wpmu-lib/js/wpmu-ui.3.min.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:44:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a016465-e870-42df-a117-44fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:44:37.000Z",
|
|
"modified": "2017-11-07T07:44:37.000Z",
|
|
"description": "ASEAn Compromised Sites",
|
|
"pattern": "[domain-name:value = 'atr.asean.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:44:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a016465-781c-403d-9c5a-4ba5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:44:37.000Z",
|
|
"modified": "2017-11-07T07:44:37.000Z",
|
|
"description": "ASEAn Compromised Sites",
|
|
"pattern": "[domain-name:value = 'investasean.asean.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:44:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0164d0-ea40-4479-b64b-470b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:46:24.000Z",
|
|
"modified": "2017-11-07T07:46:24.000Z",
|
|
"description": "Cambodia Compromised Sites",
|
|
"pattern": "[url:value = 'www.mfa.gov.kh/jwplayer.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0164d0-2444-4a11-b873-4dac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:46:24.000Z",
|
|
"modified": "2017-11-07T07:46:24.000Z",
|
|
"description": "Cambodia Compromised Sites",
|
|
"pattern": "[url:value = 'www.moe.gov.kh/other/js/jquery/jquery.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0164d0-d4ac-4e59-a916-4866950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:46:24.000Z",
|
|
"modified": "2017-11-07T07:46:24.000Z",
|
|
"description": "Cambodia Compromised Sites",
|
|
"pattern": "[domain-name:value = 'www.mcs.gov.kh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0164d0-9770-4fd8-8862-4889950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:46:24.000Z",
|
|
"modified": "2017-11-07T07:46:24.000Z",
|
|
"description": "Cambodia Compromised Sites",
|
|
"pattern": "[url:value = 'www.police.gov.kh/wp-includes/js/jquery/jquery.js?ver=1.12.4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0164d0-ea18-4399-ae85-40dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:46:24.000Z",
|
|
"modified": "2017-11-07T07:46:24.000Z",
|
|
"description": "Cambodia Compromised Sites",
|
|
"pattern": "[url:value = 'wtemplates/monasri_template/js/menu/mega.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0164d0-3eb4-4504-951f-48ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:46:24.000Z",
|
|
"modified": "2017-11-07T07:46:24.000Z",
|
|
"description": "Cambodia Compromised Sites",
|
|
"pattern": "[url:value = 'www.mosvy.gov.kh/public/js/default.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0164d0-43a0-438f-b5db-4286950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:46:24.000Z",
|
|
"modified": "2017-11-07T07:46:24.000Z",
|
|
"description": "Cambodia Compromised Sites",
|
|
"pattern": "[domain-name:value = 'www.necelect.org.kh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0165e2-dff8-478d-9d06-4470950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:50:58.000Z",
|
|
"modified": "2017-11-07T07:50:58.000Z",
|
|
"description": "China Compromised Sites",
|
|
"pattern": "[domain-name:value = 'bdstarlbs.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0165e2-78b4-4e4f-bdb7-46a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:50:58.000Z",
|
|
"modified": "2017-11-07T07:50:58.000Z",
|
|
"description": "China Compromised Sites",
|
|
"pattern": "[domain-name:value = 'www.navchina.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0165e2-59bc-4169-b93c-4904950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:50:58.000Z",
|
|
"modified": "2017-11-07T07:50:58.000Z",
|
|
"description": "China Compromised Sites",
|
|
"pattern": "[url:value = 'www.chinaoil.com.cn/chinaoil/xhtml/js/jquery-1.7.2.min.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a016605-4104-4b06-93ab-4bcb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:51:33.000Z",
|
|
"modified": "2017-11-07T07:51:33.000Z",
|
|
"description": "Laos Compromised Sites",
|
|
"pattern": "[domain-name:value = 'bokeo.gov.la']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:51:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a016605-ad48-4efb-a0f0-4972950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:51:33.000Z",
|
|
"modified": "2017-11-07T07:51:33.000Z",
|
|
"description": "Laos Compromised Sites",
|
|
"pattern": "[url:value = 'www.mpwt.gov.la/media/system/js/mootools-core.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:51:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01662b-dee8-446d-b841-4011950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:52:11.000Z",
|
|
"modified": "2017-11-07T07:52:11.000Z",
|
|
"description": "Philippines Compromised Sites",
|
|
"pattern": "[url:value = 'www.afp.mil.ph/modules/mod_js_flexslider/assets/js/jquery.easing.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:52:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01662b-c0fc-4eaf-8bc7-4873950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:52:11.000Z",
|
|
"modified": "2017-11-07T07:52:11.000Z",
|
|
"description": "Philippines Compromised Sites",
|
|
"pattern": "[domain-name:value = 'op-proper.gov.ph']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:52:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0167fb-668c-4e55-9b2b-4336950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T07:59:55.000Z",
|
|
"modified": "2017-11-07T07:59:55.000Z",
|
|
"pattern": "[url:value = 'ttps://health-ray-id.com/robot.txt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T07:59:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a016816-e234-46dc-927d-47f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T08:00:22.000Z",
|
|
"modified": "2017-11-07T08:00:22.000Z",
|
|
"pattern": "[url:value = 'http://ad.jqueryclick.com/assets/adv.js']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T08:00:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01683b-fa34-4e9c-b9ee-4170950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T08:00:59.000Z",
|
|
"modified": "2017-11-07T08:00:59.000Z",
|
|
"pattern": "[domain-name:value = 'health-ray-id.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T08:00:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01692c-b234-4560-8ff2-418e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T08:05:00.000Z",
|
|
"modified": "2017-11-07T08:05:00.000Z",
|
|
"pattern": "[domain-name:value = 'dload01.s3.amazonaws.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T08:05:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01692c-7450-414a-83c4-442a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T08:05:00.000Z",
|
|
"modified": "2017-11-07T08:05:00.000Z",
|
|
"pattern": "[domain-name:value = 'download-attachments.s3.amazonaws.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T08:05:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018549-d3e8-4157-a870-452d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:04:57.000Z",
|
|
"modified": "2017-11-07T10:04:57.000Z",
|
|
"description": "sinkholed",
|
|
"pattern": "[domain-name:value = 'api.fbconnect.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:04:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a017d76-bcd0-4731-a3af-4088950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:31:34.000Z",
|
|
"modified": "2017-11-07T09:31:34.000Z",
|
|
"pattern": "[domain-name:value = 'a.doulbeclick.org' AND domain-name:resolves_to_refs[*].value = '2001:19f0:4400:48ea:5400:ff:fe71:3201' AND domain-name:resolves_to_refs[*].value = '45.76.147.201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:31:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a017de2-7cbc-4681-b527-4be0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:33:22.000Z",
|
|
"modified": "2017-11-07T09:33:22.000Z",
|
|
"pattern": "[domain-name:value = 'ad.adthis.org' AND domain-name:resolves_to_refs[*].value = '2001:19f0:4400:48fd:5400:ff:fe71:3202' AND domain-name:resolves_to_refs[*].value = '45.77.39.101']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:33:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a017e0d-6040-4ac6-81cb-46f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:34:05.000Z",
|
|
"modified": "2017-11-07T09:34:05.000Z",
|
|
"pattern": "[domain-name:value = 'ad.jqueryclick.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.146']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:34:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a017e8b-7a68-4226-abac-0d33950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:36:11.000Z",
|
|
"modified": "2017-11-07T09:36:11.000Z",
|
|
"pattern": "[domain-name:value = 'api.querycore.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:36:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a017e9e-bf84-4203-bd90-0eb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:36:30.000Z",
|
|
"modified": "2017-11-07T09:36:30.000Z",
|
|
"pattern": "[domain-name:value = 'browser-extension.jdfkmiabjpfjacifcmihfdjhpnjpiick.com' AND domain-name:resolves_to_refs[*].value = '79.143.87.174']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:36:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a017ecf-d338-4c0e-82ed-459e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:37:19.000Z",
|
|
"modified": "2017-11-07T09:37:19.000Z",
|
|
"pattern": "[domain-name:value = 'cdn-js.com' AND domain-name:resolves_to_refs[*].value = '128.199.227.80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:37:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a017ef7-2614-4aca-9e99-1703950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:37:59.000Z",
|
|
"modified": "2017-11-07T09:37:59.000Z",
|
|
"pattern": "[domain-name:value = 'cdn.adsfly.co' AND domain-name:resolves_to_refs[*].value = '45.32.100.179' AND domain-name:resolves_to_refs[*].value = '2001:19f0:4400:4798:5400:ff:fe71:3200']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:37:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a017f1a-4ed4-4b6a-9be9-4325950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:38:34.000Z",
|
|
"modified": "2017-11-07T09:38:34.000Z",
|
|
"pattern": "[domain-name:value = 'cdn.disqusapi.com' AND domain-name:resolves_to_refs[*].value = '45.76.179.28' AND domain-name:resolves_to_refs[*].value = '2001:19f0:4400:4989:5400:ff:fe71:3204']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:38:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018032-c934-4a40-8ecd-474a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:43:14.000Z",
|
|
"modified": "2017-11-07T09:43:14.000Z",
|
|
"pattern": "[domain-name:value = 'cloudflare-api.com' AND domain-name:resolves_to_refs[*].value = '45.32.105.45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:43:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01804c-f5f4-4d3d-9500-483a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:43:40.000Z",
|
|
"modified": "2017-11-07T09:43:40.000Z",
|
|
"pattern": "[domain-name:value = 'cory.ns.webjzcnd.com' AND domain-name:resolves_to_refs[*].value = '139.59.223.191']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:43:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01808b-1128-4b84-9613-45bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:44:43.000Z",
|
|
"modified": "2017-11-07T09:44:43.000Z",
|
|
"pattern": "[domain-name:value = 'googlescripts.com' AND domain-name:resolves_to_refs[*].value = '45.114.117.164']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:44:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0180ab-574c-4bb7-9de7-43f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:45:15.000Z",
|
|
"modified": "2017-11-07T09:45:15.000Z",
|
|
"pattern": "[domain-name:value = 'health-ray-id.com' AND domain-name:resolves_to_refs[*].value = '2604:a880:2:d0::378c:e001' AND domain-name:resolves_to_refs[*].value = '138.197.236.215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:45:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0180c7-4214-4ec2-b646-48ae950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:45:43.000Z",
|
|
"modified": "2017-11-07T09:45:43.000Z",
|
|
"pattern": "[domain-name:value = 'hit.asmung.net' AND domain-name:resolves_to_refs[*].value = '45.32.114.49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:45:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0180e4-946c-4205-8b20-0d8d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:46:12.000Z",
|
|
"modified": "2017-11-07T09:46:12.000Z",
|
|
"pattern": "[domain-name:value = 'jquery.google-script.org' AND domain-name:resolves_to_refs[*].value = '45.32.105.45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:46:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01811a-0d64-4ab9-b38e-40af950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:47:06.000Z",
|
|
"modified": "2017-11-07T09:47:06.000Z",
|
|
"pattern": "[domain-name:value = 'js.ecommer.org' AND domain-name:resolves_to_refs[*].value = '45.76.179.151' AND domain-name:resolves_to_refs[*].value = '2001:19f0:4400:48fd:5400:ff:fe71:3202']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:47:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01813c-4ed0-4613-9fac-47ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:47:40.000Z",
|
|
"modified": "2017-11-07T09:47:40.000Z",
|
|
"pattern": "[domain-name:value = 's.jscore-group.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:47:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01818e-ce74-42d4-8113-4559950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:49:02.000Z",
|
|
"modified": "2017-11-07T09:49:02.000Z",
|
|
"pattern": "[domain-name:value = 's1.gridsumcontent.com' AND domain-name:resolves_to_refs[*].value = '103.28.44.112']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:49:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0181a4-5514-47c0-80cd-4ec7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:49:24.000Z",
|
|
"modified": "2017-11-07T09:49:24.000Z",
|
|
"pattern": "[domain-name:value = 's1.jqueryclick.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:49:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0181bd-c558-40fb-8162-4cfa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:49:49.000Z",
|
|
"modified": "2017-11-07T09:49:49.000Z",
|
|
"pattern": "[domain-name:value = 'ssl.security.akamaihd-d.com' AND domain-name:resolves_to_refs[*].value = '37.59.198.131']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:49:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01823d-e308-4c1e-a533-0eb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:51:57.000Z",
|
|
"modified": "2017-11-07T09:51:57.000Z",
|
|
"pattern": "[domain-name:value = 'stat.cdnanalytic.com' AND domain-name:resolves_to_refs[*].value = '203.114.75.22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:51:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018256-7ca4-429e-8842-4419950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:52:22.000Z",
|
|
"modified": "2017-11-07T09:52:22.000Z",
|
|
"pattern": "[domain-name:value = 'stats.widgetapi.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:52:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018272-5dbc-441f-a8a5-4d25950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:52:50.000Z",
|
|
"modified": "2017-11-07T09:52:50.000Z",
|
|
"pattern": "[domain-name:value = 'track-google.com' AND domain-name:resolves_to_refs[*].value = '203.114.75.73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:52:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01828a-6370-4449-9de8-0ab1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:53:14.000Z",
|
|
"modified": "2017-11-07T09:53:14.000Z",
|
|
"pattern": "[domain-name:value = 'update.security.akamaihd-d.com' AND domain-name:resolves_to_refs[*].value = '89.33.64.207']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:53:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0182af-e47c-4284-a567-487a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:53:51.000Z",
|
|
"modified": "2017-11-07T09:53:51.000Z",
|
|
"pattern": "[domain-name:value = 'update.webfontupdate.com' AND domain-name:resolves_to_refs[*].value = '188.166.219.18' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:d001']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:53:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0183d8-9dc8-496a-a5b2-4681950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:58:48.000Z",
|
|
"modified": "2017-11-07T09:58:48.000Z",
|
|
"pattern": "[domain-name:value = 'wiget.adsfly.co' AND domain-name:resolves_to_refs[*].value = '2001:19f0:4400:4798:5400:ff:fe71:3200' AND domain-name:resolves_to_refs[*].value = '45.32.100.179']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:58:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0183f5-8144-446c-bfd2-425d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T09:59:17.000Z",
|
|
"modified": "2017-11-07T09:59:17.000Z",
|
|
"pattern": "[domain-name:value = 'www.googleuserscontent.org' AND domain-name:resolves_to_refs[*].value = '139.59.217.207' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:7001']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T09:59:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01845e-d6bc-49a5-be8f-4c76950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:01:02.000Z",
|
|
"modified": "2017-11-07T10:01:02.000Z",
|
|
"pattern": "[domain-name:value = 'ad.linksys-analytic.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:01:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018486-4088-4256-90f9-6986950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:01:42.000Z",
|
|
"modified": "2017-11-07T10:01:42.000Z",
|
|
"pattern": "[domain-name:value = 'ads.alternativeads.net' AND domain-name:resolves_to_refs[*].value = '45.77.39.101' AND domain-name:resolves_to_refs[*].value = '2001:19f0:4400:48fd:5400:ff:fe71:3202']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:01:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0184b2-6714-47db-b3c4-0ab1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:02:26.000Z",
|
|
"modified": "2017-11-07T10:02:26.000Z",
|
|
"pattern": "[domain-name:value = 'api.2nd-weibo.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.146']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:02:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0184e9-de84-4278-adce-6995950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:03:21.000Z",
|
|
"modified": "2017-11-07T10:03:21.000Z",
|
|
"pattern": "[domain-name:value = 'api.analyticsearch.org' AND domain-name:resolves_to_refs[*].value = '64.62.174.41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:03:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a01851a-4c40-41b6-a5ce-460e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:04:10.000Z",
|
|
"modified": "2017-11-07T10:04:10.000Z",
|
|
"pattern": "[domain-name:value = 'api.baiduusercontent.com' AND domain-name:resolves_to_refs[*].value = '79.143.87.174']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:04:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018532-1c78-4347-ab34-49c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:04:34.000Z",
|
|
"modified": "2017-11-07T10:04:34.000Z",
|
|
"pattern": "[domain-name:value = 'api.disquscore.com' AND domain-name:resolves_to_refs[*].value = '128.199.227.80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:04:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018568-8b80-4ccf-a093-6bc1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:05:28.000Z",
|
|
"modified": "2017-11-07T10:05:28.000Z",
|
|
"pattern": "[domain-name:value = 'cache.akamaihd-d.com' AND domain-name:resolves_to_refs[*].value = '89.33.64.232']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:05:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0185f1-31d8-4801-8a7a-45ba950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:07:45.000Z",
|
|
"modified": "2017-11-07T10:07:45.000Z",
|
|
"pattern": "[domain-name:value = 'cloud.corewidget.com' AND domain-name:resolves_to_refs[*].value = '139.59.217.207' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:7001']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:07:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018611-d4f8-46b1-a553-4d8a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:08:17.000Z",
|
|
"modified": "2017-11-07T10:08:17.000Z",
|
|
"pattern": "[domain-name:value = 'core.alternativeads.net' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:9001' AND domain-name:resolves_to_refs[*].value = '139.59.220.12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:08:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018625-d738-409f-bd65-6bc1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:08:37.000Z",
|
|
"modified": "2017-11-07T10:08:37.000Z",
|
|
"pattern": "[domain-name:value = 'd3.advertisingbaidu.com' AND domain-name:resolves_to_refs[*].value = '139.59.223.191']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:08:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018639-8798-441f-955c-6bc1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:08:57.000Z",
|
|
"modified": "2017-11-07T10:08:57.000Z",
|
|
"pattern": "[domain-name:value = 'eclick.analyticsearch.org' AND domain-name:resolves_to_refs[*].value = '64.62.174.21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:08:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018651-f3bc-4fea-b802-0ab1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:09:21.000Z",
|
|
"modified": "2017-11-07T10:09:21.000Z",
|
|
"pattern": "[domain-name:value = 'google-js.net' AND domain-name:resolves_to_refs[*].value = '45.32.105.45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:09:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018667-7df8-4954-a883-4ef1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:09:43.000Z",
|
|
"modified": "2017-11-07T10:09:43.000Z",
|
|
"pattern": "[domain-name:value = 'google-js.org' AND domain-name:resolves_to_refs[*].value = '45.32.105.45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:09:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018776-959c-496b-aa29-4840950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:14:14.000Z",
|
|
"modified": "2017-11-07T10:14:14.000Z",
|
|
"pattern": "[domain-name:value = 'google-script.net' AND domain-name:resolves_to_refs[*].value = '45.32.105.45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:14:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018797-1064-4946-855d-0ab1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:14:47.000Z",
|
|
"modified": "2017-11-07T10:14:47.000Z",
|
|
"pattern": "[domain-name:value = 'gs.baidustats.com' AND domain-name:resolves_to_refs[*].value = '103.28.44.115']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:14:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0187f0-d8e0-4745-9043-4572950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:16:16.000Z",
|
|
"modified": "2017-11-07T10:16:16.000Z",
|
|
"pattern": "[domain-name:value = 'linked.livestreamanalytic.com' AND domain-name:resolves_to_refs[*].value = '139.59.220.10' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:8001']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:16:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018824-4bdc-45df-9260-6a36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:17:07.000Z",
|
|
"modified": "2017-11-07T10:17:07.000Z",
|
|
"pattern": "[domain-name:value = 'linksys-analytic.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:17:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018977-3c60-4952-bcd3-4826950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:22:47.000Z",
|
|
"modified": "2017-11-07T10:22:47.000Z",
|
|
"pattern": "[domain-name:value = 'live.webfontupdate.com' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:d001' AND domain-name:resolves_to_refs[*].value = '188.166.219.18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018996-4060-4f22-aed8-6995950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:23:18.000Z",
|
|
"modified": "2017-11-07T10:23:18.000Z",
|
|
"pattern": "[domain-name:value = 'static.livestreamanalytic.com' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:8001' AND domain-name:resolves_to_refs[*].value = '139.59.220.10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:23:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0189bc-5860-4bcf-af54-445f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:23:56.000Z",
|
|
"modified": "2017-11-07T10:23:56.000Z",
|
|
"pattern": "[domain-name:value = 'stats.corewidget.com' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:7001' AND domain-name:resolves_to_refs[*].value = '139.59.217.207']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:23:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0189d3-546c-494a-b9cc-6bc1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:24:19.000Z",
|
|
"modified": "2017-11-07T10:24:19.000Z",
|
|
"pattern": "[domain-name:value = 'update.akamaihd-d.com' AND domain-name:resolves_to_refs[*].value = '37.59.198.130']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:24:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0189fa-7200-434b-9183-4336950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:24:58.000Z",
|
|
"modified": "2017-11-07T10:24:58.000Z",
|
|
"pattern": "[domain-name:value = 'update.webfontupdate.com' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:d001' AND domain-name:resolves_to_refs[*].value = '188.166.219.18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:24:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018a1f-8458-40f4-9065-0d8d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:25:35.000Z",
|
|
"modified": "2017-11-07T10:25:35.000Z",
|
|
"pattern": "[domain-name:value = 'upgrade.liveupdateplugins.com' AND domain-name:resolves_to_refs[*].value = '2400:6180:0:d0::4315:c001' AND domain-name:resolves_to_refs[*].value = '128.199.90.216']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:25:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a018a37-0c94-40d9-9b07-42dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-07T10:25:59.000Z",
|
|
"modified": "2017-11-07T10:25:59.000Z",
|
|
"pattern": "[domain-name:value = 'widget.jscore-group.com' AND domain-name:resolves_to_refs[*].value = '64.62.174.9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-07T10:25:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |