{
|
|
"type": "bundle",
|
|
"id": "bundle--5a0451b3-211c-45f2-ac24-403d950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:54.000Z",
|
|
"modified": "2017-11-09T21:05:54.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5a0451b3-211c-45f2-ac24-403d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:54.000Z",
|
|
"modified": "2017-11-09T21:05:54.000Z",
|
|
"name": "M2M - Locky 2017-11-07 : Affid=3, offline, \".asasin\" : \"Emailing: AZ123 - 07.11.2017\" - \"AZ123 - 07.11.2017.doc\"",
|
|
"published": "2017-11-09T21:06:51Z",
|
|
"object_refs": [
|
|
"indicator--5a0451b4-0b64-4121-b2e1-cc6f950d210f",
|
|
"indicator--5a0451b5-d364-4bd3-a8e6-412e950d210f",
|
|
"indicator--5a0451b5-f320-45ed-9106-4323950d210f",
|
|
"observed-data--5a0451b5-e620-4fba-b8af-467f950d210f",
|
|
"network-traffic--5a0451b5-e620-4fba-b8af-467f950d210f",
|
|
"ipv4-addr--5a0451b5-e620-4fba-b8af-467f950d210f",
|
|
"indicator--5a0451b5-e204-472d-9b39-428d950d210f",
|
|
"indicator--5a0451b6-dbc4-4f3c-aa71-475f950d210f",
|
|
"observed-data--5a0451b6-f194-4785-bcf4-4a04950d210f",
|
|
"network-traffic--5a0451b6-f194-4785-bcf4-4a04950d210f",
|
|
"ipv4-addr--5a0451b6-f194-4785-bcf4-4a04950d210f",
|
|
"indicator--5a0451b6-3b18-4127-9450-4986950d210f",
|
|
"indicator--5a0451b6-c438-4c75-875a-4d39950d210f",
|
|
"indicator--5a0451b7-c01c-49aa-b3d6-49c6950d210f",
|
|
"indicator--5a0451b7-4a8c-4c3a-a81f-4434950d210f",
|
|
"indicator--5a0451b7-b814-4781-b6fe-472c950d210f",
|
|
"indicator--5a0451b7-0a00-40b2-ac97-20a6950d210f",
|
|
"observed-data--5a0451b8-c3b0-458d-b969-4fc5950d210f",
|
|
"network-traffic--5a0451b8-c3b0-458d-b969-4fc5950d210f",
|
|
"ipv4-addr--5a0451b8-c3b0-458d-b969-4fc5950d210f",
|
|
"indicator--5a0451b8-e1a8-414e-b86a-4f08950d210f",
|
|
"indicator--5a0451b8-8ad8-47de-bbe5-42e5950d210f",
|
|
"observed-data--5a0451b9-6808-4095-8106-cc6f950d210f",
|
|
"network-traffic--5a0451b9-6808-4095-8106-cc6f950d210f",
|
|
"ipv4-addr--5a0451b9-6808-4095-8106-cc6f950d210f",
|
|
"indicator--5a0451b9-a470-45ac-bfde-4290950d210f",
|
|
"indicator--5a0451b9-47fc-404e-9260-4e68950d210f",
|
|
"observed-data--5a0451ba-3834-4942-bc3b-40d4950d210f",
|
|
"network-traffic--5a0451ba-3834-4942-bc3b-40d4950d210f",
|
|
"ipv4-addr--5a0451ba-3834-4942-bc3b-40d4950d210f",
|
|
"indicator--5a0451ba-85fc-4f09-a338-4550950d210f",
|
|
"indicator--5a0451ba-3d98-4390-b10a-20a6950d210f",
|
|
"observed-data--5a0451ba-7794-4c37-aae1-cdb1950d210f",
|
|
"network-traffic--5a0451ba-7794-4c37-aae1-cdb1950d210f",
|
|
"ipv4-addr--5a0451ba-7794-4c37-aae1-cdb1950d210f",
|
|
"indicator--5a0451bb-dba0-4d53-81e5-4979950d210f",
|
|
"indicator--5a0451bb-c20c-487d-839a-75a9950d210f",
|
|
"observed-data--5a0451bc-0a80-4f65-ad6d-4b1d950d210f",
|
|
"network-traffic--5a0451bc-0a80-4f65-ad6d-4b1d950d210f",
|
|
"ipv4-addr--5a0451bc-0a80-4f65-ad6d-4b1d950d210f",
|
|
"indicator--5a0451bc-b638-4615-93a3-48ee950d210f",
|
|
"indicator--5a0451bc-ac14-4093-b9d4-40b5950d210f",
|
|
"observed-data--5a0451bc-3808-4518-bc79-20a6950d210f",
|
|
"network-traffic--5a0451bc-3808-4518-bc79-20a6950d210f",
|
|
"ipv4-addr--5a0451bc-3808-4518-bc79-20a6950d210f",
|
|
"indicator--5a0451bd-18e8-4e9c-a249-cc6f950d210f",
|
|
"indicator--5a0451bd-ea08-46bc-ad11-48b1950d210f",
|
|
"indicator--5a04c32e-00b8-4950-a5ed-42c402de0b81",
|
|
"indicator--5a04c32e-2384-475a-b1e6-40d602de0b81",
|
|
"observed-data--5a04c32e-3068-44f7-bdfe-43dd02de0b81",
|
|
"url--5a04c32e-3068-44f7-bdfe-43dd02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
"misp-galaxy:ransomware=\"Locky\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b4-0b64-4121-b2e1-cc6f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a4872e4fe84e5adcc49ba4c641547821']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b5-d364-4bd3-a8e6-412e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://c3pconsulting.com/7863']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b5-f320-45ed-9106-4323950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'c3pconsulting.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a0451b5-e620-4fba-b8af-467f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"first_observed": "2017-11-09T21:05:49Z",
|
|
"last_observed": "2017-11-09T21:05:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5a0451b5-e620-4fba-b8af-467f950d210f",
|
|
"ipv4-addr--5a0451b5-e620-4fba-b8af-467f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5a0451b5-e620-4fba-b8af-467f950d210f",
|
|
"dst_ref": "ipv4-addr--5a0451b5-e620-4fba-b8af-467f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5a0451b5-e620-4fba-b8af-467f950d210f",
|
|
"value": "192.186.219.83"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b5-e204-472d-9b39-428d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://city-hospital.com/7863']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b6-dbc4-4f3c-aa71-475f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'city-hospital.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a0451b6-f194-4785-bcf4-4a04950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"first_observed": "2017-11-09T21:05:49Z",
|
|
"last_observed": "2017-11-09T21:05:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5a0451b6-f194-4785-bcf4-4a04950d210f",
|
|
"ipv4-addr--5a0451b6-f194-4785-bcf4-4a04950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5a0451b6-f194-4785-bcf4-4a04950d210f",
|
|
"dst_ref": "ipv4-addr--5a0451b6-f194-4785-bcf4-4a04950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5a0451b6-f194-4785-bcf4-4a04950d210f",
|
|
"value": "148.251.218.75"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b6-3b18-4127-9450-4986950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://developmenttesting.website/7863']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b6-c438-4c75-875a-4d39950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'developmenttesting.website']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b7-c01c-49aa-b3d6-49c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://ecochart.org/7863']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b7-4a8c-4c3a-a81f-4434950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'ecochart.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b7-b814-4781-b6fe-472c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://arcusautomatika.ba/mngytr56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b7-0a00-40b2-ac97-20a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'arcusautomatika.ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a0451b8-c3b0-458d-b969-4fc5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"first_observed": "2017-11-09T21:05:49Z",
|
|
"last_observed": "2017-11-09T21:05:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5a0451b8-c3b0-458d-b969-4fc5950d210f",
|
|
"ipv4-addr--5a0451b8-c3b0-458d-b969-4fc5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5a0451b8-c3b0-458d-b969-4fc5950d210f",
|
|
"dst_ref": "ipv4-addr--5a0451b8-c3b0-458d-b969-4fc5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5a0451b8-c3b0-458d-b969-4fc5950d210f",
|
|
"value": "195.222.33.183"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b8-e1a8-414e-b86a-4f08950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://2013oakseedessaycontest.com/mngytr56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b8-8ad8-47de-bbe5-42e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = '2013oakseedessaycontest.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a0451b9-6808-4095-8106-cc6f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"first_observed": "2017-11-09T21:05:49Z",
|
|
"last_observed": "2017-11-09T21:05:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5a0451b9-6808-4095-8106-cc6f950d210f",
|
|
"ipv4-addr--5a0451b9-6808-4095-8106-cc6f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5a0451b9-6808-4095-8106-cc6f950d210f",
|
|
"dst_ref": "ipv4-addr--5a0451b9-6808-4095-8106-cc6f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5a0451b9-6808-4095-8106-cc6f950d210f",
|
|
"value": "108.167.141.148"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b9-a470-45ac-bfde-4290950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://altarek.com/mngytr56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451b9-47fc-404e-9260-4e68950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'altarek.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a0451ba-3834-4942-bc3b-40d4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"first_observed": "2017-11-09T21:05:49Z",
|
|
"last_observed": "2017-11-09T21:05:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5a0451ba-3834-4942-bc3b-40d4950d210f",
|
|
"ipv4-addr--5a0451ba-3834-4942-bc3b-40d4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5a0451ba-3834-4942-bc3b-40d4950d210f",
|
|
"dst_ref": "ipv4-addr--5a0451ba-3834-4942-bc3b-40d4950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5a0451ba-3834-4942-bc3b-40d4950d210f",
|
|
"value": "67.210.100.133"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451ba-85fc-4f09-a338-4550950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://basarteks.com/mngytr56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451ba-3d98-4390-b10a-20a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'basarteks.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a0451ba-7794-4c37-aae1-cdb1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"first_observed": "2017-11-09T21:05:49Z",
|
|
"last_observed": "2017-11-09T21:05:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5a0451ba-7794-4c37-aae1-cdb1950d210f",
|
|
"ipv4-addr--5a0451ba-7794-4c37-aae1-cdb1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5a0451ba-7794-4c37-aae1-cdb1950d210f",
|
|
"dst_ref": "ipv4-addr--5a0451ba-7794-4c37-aae1-cdb1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5a0451ba-7794-4c37-aae1-cdb1950d210f",
|
|
"value": "195.87.101.81"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451bb-dba0-4d53-81e5-4979950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://amcscomputer.com/mngytr56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451bb-c20c-487d-839a-75a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'amcscomputer.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a0451bc-0a80-4f65-ad6d-4b1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"first_observed": "2017-11-09T21:05:49Z",
|
|
"last_observed": "2017-11-09T21:05:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5a0451bc-0a80-4f65-ad6d-4b1d950d210f",
|
|
"ipv4-addr--5a0451bc-0a80-4f65-ad6d-4b1d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5a0451bc-0a80-4f65-ad6d-4b1d950d210f",
|
|
"dst_ref": "ipv4-addr--5a0451bc-0a80-4f65-ad6d-4b1d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5a0451bc-0a80-4f65-ad6d-4b1d950d210f",
|
|
"value": "216.242.171.101"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451bc-b638-4615-93a3-48ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://bobtheprinter.com/mngytr56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451bc-ac14-4093-b9d4-40b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'bobtheprinter.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a0451bc-3808-4518-bc79-20a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"first_observed": "2017-11-09T21:05:49Z",
|
|
"last_observed": "2017-11-09T21:05:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5a0451bc-3808-4518-bc79-20a6950d210f",
|
|
"ipv4-addr--5a0451bc-3808-4518-bc79-20a6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5a0451bc-3808-4518-bc79-20a6950d210f",
|
|
"dst_ref": "ipv4-addr--5a0451bc-3808-4518-bc79-20a6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5a0451bc-3808-4518-bc79-20a6950d210f",
|
|
"value": "216.228.2.70"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451bd-18e8-4e9c-a249-cc6f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[url:value = 'http://muchinfaket.net/p66/mngytr56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0451bd-ea08-46bc-ad11-48b1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:49.000Z",
|
|
"modified": "2017-11-09T21:05:49.000Z",
|
|
"pattern": "[domain-name:value = 'muchinfaket.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a04c32e-00b8-4950-a5ed-42c402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:50.000Z",
|
|
"modified": "2017-11-09T21:05:50.000Z",
|
|
"description": "Cross-checked via VirusTotal (VT) starting from MD5 a4872e4fe84e5adcc49ba4c641547821; this SHA256 is the VT-reported hash for that lookup (see the VT analysis link in this report)",
|
|
"pattern": "[file:hashes.SHA256 = '423dc1aaaed311349f9932a643a032d18f0589b97275b501a7a7f6955f5aac46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a04c32e-2384-475a-b1e6-40d602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:50.000Z",
|
|
"modified": "2017-11-09T21:05:50.000Z",
|
|
"description": "Cross-checked via VirusTotal (VT) starting from MD5 a4872e4fe84e5adcc49ba4c641547821; this SHA1 is the VT-reported hash for that lookup (see the VT analysis link in this report)",
|
|
"pattern": "[file:hashes.SHA1 = '38fbc212ba2fde3dc0d9f3e9fa27df1411604398']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-11-09T21:05:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a04c32e-3068-44f7-bdfe-43dd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-11-09T21:05:50.000Z",
|
|
"modified": "2017-11-09T21:05:50.000Z",
|
|
"first_observed": "2017-11-09T21:05:50Z",
|
|
"last_observed": "2017-11-09T21:05:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a04c32e-3068-44f7-bdfe-43dd02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a04c32e-3068-44f7-bdfe-43dd02de0b81",
|
|
"value": "https://www.virustotal.com/file/423dc1aaaed311349f9932a643a032d18f0589b97275b501a7a7f6955f5aac46/analysis/1510152311/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
}