misp-circl-feed/feeds/circl/stix-2.1/5a4c917d-b144-44cc-b046-4e53950d210f.json


{
"type": "bundle",
"id": "bundle--5a4c917d-b144-44cc-b046-4e53950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:30.000Z",
"modified": "2018-01-03T20:56:30.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a4c917d-b144-44cc-b046-4e53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:30.000Z",
"modified": "2018-01-03T20:56:30.000Z",
"name": "M2M - GlobeImposter \"..doc\" 2017-12-28 :\n \"CCE28122017_001234\" - \"CCE28122017_001234.7z\"",
"context": "suspicious-activity",
"object_refs": [
"indicator--5a4c917d-1d28-4808-b076-4942950d210f",
"indicator--5a4c917e-09dc-46a6-8dea-44f9950d210f",
"indicator--5a4c9180-b100-426d-9d3e-4ce8950d210f",
"indicator--5a4c9181-979c-421b-bad3-4f0b950d210f",
"observed-data--5a4c9183-0344-450c-8580-4990950d210f",
"network-traffic--5a4c9183-0344-450c-8580-4990950d210f",
"ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f",
"indicator--5a4c9184-dee8-419a-b52c-4af8950d210f",
"indicator--5a4c9185-2b28-42b3-b58a-43af950d210f",
"observed-data--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
"network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
"ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
"indicator--5a4c9188-7188-4391-823d-4251950d210f",
"indicator--5a4c9189-7bbc-49ca-b2ef-4fdb950d210f",
"observed-data--5a4c918b-78fc-4790-86b9-4700950d210f",
"network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f",
"ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f",
"indicator--5a4c918c-c8bc-4554-bf8e-4b4b950d210f",
"indicator--5a4c918d-2180-46cd-82ce-42ec950d210f",
"observed-data--5a4c918f-7f9c-4033-bd46-4226950d210f",
"network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f",
"ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f",
"indicator--5a4c9191-67ec-484e-9820-43df950d210f",
"indicator--5a4c9192-b3c4-4637-af92-4eed950d210f",
"observed-data--5a4c9193-69c4-4e05-ac16-4b82950d210f",
"network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f",
"ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f",
"indicator--5a4c9195-4664-45df-9632-431a950d210f",
"indicator--5a4c9196-adb8-4406-9979-4540950d210f",
"observed-data--5a4c9198-77cc-47a0-88a4-432c950d210f",
"network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f",
"ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f",
"indicator--5a4c919a-cbd0-4c02-9698-4b49950d210f",
"indicator--5a4c919b-b310-4a79-9817-411e950d210f",
"observed-data--5a4c919c-7d60-4c82-95b6-4c06950d210f",
"network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f",
"ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f",
"indicator--5a4c919d-f548-4b5f-bb53-432f950d210f",
"indicator--5a4c919e-f1cc-4d65-a67b-477b950d210f",
"indicator--5a4c91a0-6c1c-4139-9ec9-4f42950d210f",
"indicator--5a4c91a3-581c-4d8b-abae-4668950d210f",
"observed-data--5a4c91a5-3600-4769-bb3b-4c56950d210f",
"network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f",
"ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f",
"indicator--5a4c91a7-a240-4109-894a-4bcf950d210f",
"indicator--5a4c91a9-795c-4777-92c8-4769950d210f",
"observed-data--5a4c91ab-e288-43b6-a176-432b950d210f",
"network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f",
"ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f",
"indicator--429839aa-8a63-48c6-a526-9c59fdc171bb",
"x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab",
"indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2",
"x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6",
"relationship--0f2dc911-35c4-43ed-b9dc-1a3d2c922601",
"relationship--4e3f925c-b878-403c-8e46-df8f4486ffbc"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Fake Globe Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c917d-1d28-4808-b076-4942950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T08:17:01.000Z",
"modified": "2018-01-03T08:17:01.000Z",
"pattern": "[file:hashes.MD5 = 'db0ecea901d4b4bf7aac1f6202e85bff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T08:17:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c917e-09dc-46a6-8dea-44f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T08:17:02.000Z",
"modified": "2018-01-03T08:17:02.000Z",
"pattern": "[file:hashes.MD5 = '62461a2a840d61f1c1f6ded106666a56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T08:17:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9180-b100-426d-9d3e-4ce8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://berkahbajamakmur.com/06YefeR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9181-979c-421b-bad3-4f0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'berkahbajamakmur.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9183-0344-450c-8580-4990950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9183-0344-450c-8580-4990950d210f",
"ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9183-0344-450c-8580-4990950d210f",
"dst_ref": "ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f",
"value": "202.71.103.249"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9184-dee8-419a-b52c-4af8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://slimthrive.net/06YefeR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9185-2b28-42b3-b58a-43af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'slimthrive.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
"ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
"dst_ref": "ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
"value": "199.188.200.142"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9188-7188-4391-823d-4251950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://smartnewjerseyhomebuyers.com/06YefeR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9189-7bbc-49ca-b2ef-4fdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'smartnewjerseyhomebuyers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c918b-78fc-4790-86b9-4700950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f",
"ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f",
"dst_ref": "ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f",
"value": "199.188.200.143"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c918c-c8bc-4554-bf8e-4b4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://standardfederalproperties.com/06YefeR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c918d-2180-46cd-82ce-42ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'standardfederalproperties.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c918f-7f9c-4033-bd46-4226950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f",
"ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f",
"dst_ref": "ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f",
"value": "162.144.81.164"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9191-67ec-484e-9820-43df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://swarm-solutions.com/06YefeR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9192-b3c4-4637-af92-4eed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'swarm-solutions.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9193-69c4-4e05-ac16-4b82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f",
"ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f",
"dst_ref": "ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f",
"value": "50.62.228.1"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9195-4664-45df-9632-431a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://weserve.world/06YefeR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9196-adb8-4406-9979-4540950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'weserve.world']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9198-77cc-47a0-88a4-432c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f",
"ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f",
"dst_ref": "ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f",
"value": "199.188.200.150"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c919a-cbd0-4c02-9698-4b49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://yourappyourway.com/06YefeR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c919b-b310-4a79-9817-411e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'yourappyourway.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c919c-7d60-4c82-95b6-4c06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f",
"ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f",
"dst_ref": "ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f",
"value": "199.188.200.96"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c919d-f548-4b5f-bb53-432f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://zeeshanasghar.website/06YefeR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c919e-f1cc-4d65-a67b-477b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'zeeshanasghar.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c91a0-6c1c-4139-9ec9-4f42950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c91a3-581c-4d8b-abae-4668950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c91a5-3600-4769-bb3b-4c56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f",
"ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f",
"dst_ref": "ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f",
"value": "103.198.0.2"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c91a7-a240-4109-894a-4bcf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c91a9-795c-4777-92c8-4769950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"pattern": "[domain-name:value = 'psoeiras.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c91ab-e288-43b6-a176-432b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:18.000Z",
"modified": "2018-01-03T20:56:18.000Z",
"first_observed": "2018-01-03T20:56:18Z",
"last_observed": "2018-01-03T20:56:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f",
"ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f",
"dst_ref": "ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f",
"value": "74.220.219.67"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--429839aa-8a63-48c6-a526-9c59fdc171bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:21.000Z",
"modified": "2018-01-03T20:56:21.000Z",
"pattern": "[file:hashes.MD5 = '62461a2a840d61f1c1f6ded106666a56' AND file:hashes.SHA1 = '6d30c34e4ee30cc257604ac00b73bd03abdf6f38' AND file:hashes.SHA256 = 'f8f07c01e2092c1cac889799a17a0f740c057375d105567fc2f31c946ff63232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:19.000Z",
"modified": "2018-01-03T20:56:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f8f07c01e2092c1cac889799a17a0f740c057375d105567fc2f31c946ff63232/analysis/1514527094/",
"category": "External analysis",
"uuid": "5a4d4373-3224-4970-af3e-410002de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/67",
"category": "Other",
"uuid": "5a4d4373-7f90-4568-8224-4dbb02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-29 05:58:14",
"category": "Other",
"uuid": "5a4d4373-5ab0-45ca-8387-4dab02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:22.000Z",
"modified": "2018-01-03T20:56:22.000Z",
"pattern": "[file:hashes.MD5 = 'db0ecea901d4b4bf7aac1f6202e85bff' AND file:hashes.SHA1 = 'ad7627b1971bc7ac7ce81c77921adf6261bad79e' AND file:hashes.SHA256 = '34e26931754f889d0800cc975d7d15d6dd9dc69a3e80d3babeaa93b1f0eae2ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:19.000Z",
"modified": "2018-01-03T20:56:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/34e26931754f889d0800cc975d7d15d6dd9dc69a3e80d3babeaa93b1f0eae2ba/analysis/1514457956/",
"category": "External analysis",
"uuid": "5a4d4373-178c-451f-b7b7-4ed802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/68",
"category": "Other",
"uuid": "5a4d4373-e534-4623-a086-45a302de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-28 10:45:56",
"category": "Other",
"uuid": "5a4d4373-1430-49a8-9449-441a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0f2dc911-35c4-43ed-b9dc-1a3d2c922601",
"created": "2018-01-03T20:56:19.000Z",
"modified": "2018-01-03T20:56:19.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--429839aa-8a63-48c6-a526-9c59fdc171bb",
"target_ref": "x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4e3f925c-b878-403c-8e46-df8f4486ffbc",
"created": "2018-01-03T20:56:20.000Z",
"modified": "2018-01-03T20:56:20.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2",
"target_ref": "x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}