7573 lines
No EOL
300 KiB
JSON
7573 lines
No EOL
300 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--59b657a9-22b4-4223-a908-fc5a950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:33:12.000Z",
|
|
"modified": "2017-09-11T09:33:12.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--59b657a9-22b4-4223-a908-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:33:12.000Z",
|
|
"modified": "2017-09-11T09:33:12.000Z",
|
|
"name": "M2M - malspam Subject FreeFax From:\\d{10}",
|
|
"published": "2017-09-11T09:33:32Z",
|
|
"object_refs": [
|
|
"indicator--59b657a9-ba00-4cfe-90fc-a587950d210f",
|
|
"indicator--59b657aa-62b8-4a5c-96dd-170a950d210f",
|
|
"indicator--59b657aa-7fcc-43c8-b7a5-0a3e950d210f",
|
|
"indicator--59b657aa-85fc-4630-8237-fd31950d210f",
|
|
"indicator--59b657aa-211c-4ebe-8bf2-a7f8950d210f",
|
|
"observed-data--59b657ab-affc-42d0-8d18-fcd2950d210f",
|
|
"network-traffic--59b657ab-affc-42d0-8d18-fcd2950d210f",
|
|
"ipv4-addr--59b657ab-affc-42d0-8d18-fcd2950d210f",
|
|
"indicator--59b657ab-2ae8-4564-a705-1285950d210f",
|
|
"indicator--59b657ab-34e4-46c3-9d31-a587950d210f",
|
|
"observed-data--59b657ac-3598-4a6c-8a61-a7d3950d210f",
|
|
"network-traffic--59b657ac-3598-4a6c-8a61-a7d3950d210f",
|
|
"ipv4-addr--59b657ac-3598-4a6c-8a61-a7d3950d210f",
|
|
"indicator--59b657ac-9940-4399-96ae-a4fe950d210f",
|
|
"indicator--59b657ac-0894-49ba-acf1-fc77950d210f",
|
|
"observed-data--59b657ac-9d30-4689-ba70-0a3c950d210f",
|
|
"network-traffic--59b657ac-9d30-4689-ba70-0a3c950d210f",
|
|
"ipv4-addr--59b657ac-9d30-4689-ba70-0a3c950d210f",
|
|
"indicator--59b657ac-f700-4c9f-8c28-a7f8950d210f",
|
|
"indicator--59b657ad-e24c-4fa4-8e46-1684950d210f",
|
|
"observed-data--59b657ad-b6c8-42af-8da3-fc5a950d210f",
|
|
"network-traffic--59b657ad-b6c8-42af-8da3-fc5a950d210f",
|
|
"ipv4-addr--59b657ad-b6c8-42af-8da3-fc5a950d210f",
|
|
"indicator--59b657ad-8d88-4ecc-b32a-fba2950d210f",
|
|
"indicator--59b657ad-a2c8-49ae-b1b3-fd30950d210f",
|
|
"indicator--59b657ae-71e4-4448-b6f6-170a950d210f",
|
|
"indicator--59b657ae-2dd8-4059-bc72-a7f8950d210f",
|
|
"indicator--59b657ae-85e4-4f16-96e5-fcd2950d210f",
|
|
"indicator--59b657ae-a724-458b-a1f8-fba2950d210f",
|
|
"indicator--59b657af-46e8-461f-b10f-0a3e950d210f",
|
|
"indicator--59b657af-f7a0-42b6-98d0-0a3c950d210f",
|
|
"observed-data--59b657b0-c8d8-4e02-b1bd-fc77950d210f",
|
|
"network-traffic--59b657b0-c8d8-4e02-b1bd-fc77950d210f",
|
|
"ipv4-addr--59b657b0-c8d8-4e02-b1bd-fc77950d210f",
|
|
"indicator--59b657b0-252c-4478-8aa8-a7f8950d210f",
|
|
"indicator--59b657b0-0c2c-464d-979e-faa1950d210f",
|
|
"observed-data--59b657b0-1bd4-4581-b8b4-fd31950d210f",
|
|
"network-traffic--59b657b0-1bd4-4581-b8b4-fd31950d210f",
|
|
"ipv4-addr--59b657b0-1bd4-4581-b8b4-fd31950d210f",
|
|
"indicator--59b657b1-6cec-43f0-aa29-14d9950d210f",
|
|
"indicator--59b657b1-7484-4de1-8089-fcd2950d210f",
|
|
"observed-data--59b657b2-95a4-45f1-bab6-fba2950d210f",
|
|
"network-traffic--59b657b2-95a4-45f1-bab6-fba2950d210f",
|
|
"ipv4-addr--59b657b2-95a4-45f1-bab6-fba2950d210f",
|
|
"indicator--59b657b2-0978-47da-920a-fd30950d210f",
|
|
"indicator--59b657b2-5b88-478d-99ae-a587950d210f",
|
|
"observed-data--59b657b2-ad74-49e1-a8d9-1285950d210f",
|
|
"network-traffic--59b657b2-ad74-49e1-a8d9-1285950d210f",
|
|
"ipv4-addr--59b657b2-ad74-49e1-a8d9-1285950d210f",
|
|
"indicator--59b657b3-1f5c-4999-b7b7-0a3e950d210f",
|
|
"indicator--59b657b3-ff9c-4685-a5f8-a4fe950d210f",
|
|
"observed-data--59b657b3-a550-428f-8f53-a7f8950d210f",
|
|
"network-traffic--59b657b3-a550-428f-8f53-a7f8950d210f",
|
|
"ipv4-addr--59b657b3-a550-428f-8f53-a7f8950d210f",
|
|
"indicator--59b657b4-5894-43fa-afe3-faa1950d210f",
|
|
"indicator--59b657b4-d9a4-4706-aa89-fd31950d210f",
|
|
"observed-data--59b657b4-7e3c-4b69-bfe7-14d9950d210f",
|
|
"network-traffic--59b657b4-7e3c-4b69-bfe7-14d9950d210f",
|
|
"ipv4-addr--59b657b4-7e3c-4b69-bfe7-14d9950d210f",
|
|
"indicator--59b657b5-99ac-4dfb-9cac-1684950d210f",
|
|
"indicator--59b657b5-458c-4bdf-bbd6-fcd2950d210f",
|
|
"indicator--59b657b5-cec4-4ef2-b7bf-abb2950d210f",
|
|
"indicator--59b657b5-f604-40ec-bd70-a4fe950d210f",
|
|
"observed-data--59b657b6-bb54-45cc-949f-a7f8950d210f",
|
|
"network-traffic--59b657b6-bb54-45cc-949f-a7f8950d210f",
|
|
"ipv4-addr--59b657b6-bb54-45cc-949f-a7f8950d210f",
|
|
"indicator--59b657b6-a6f4-4820-9acf-fd31950d210f",
|
|
"indicator--59b657b6-3150-410a-8c52-fcd2950d210f",
|
|
"observed-data--59b657b7-f00c-4f8d-b1d2-0a3e950d210f",
|
|
"network-traffic--59b657b7-f00c-4f8d-b1d2-0a3e950d210f",
|
|
"ipv4-addr--59b657b7-f00c-4f8d-b1d2-0a3e950d210f",
|
|
"indicator--59b657b7-de74-4625-933d-a4fe950d210f",
|
|
"indicator--59b657b7-75d0-465e-8f20-fc77950d210f",
|
|
"observed-data--59b657b8-9b68-4f5f-8216-faa1950d210f",
|
|
"network-traffic--59b657b8-9b68-4f5f-8216-faa1950d210f",
|
|
"ipv4-addr--59b657b8-9b68-4f5f-8216-faa1950d210f",
|
|
"indicator--59b657b8-1e30-444a-9239-14d9950d210f",
|
|
"indicator--59b657b8-03a8-452a-a3ee-a587950d210f",
|
|
"observed-data--59b657b8-e8d4-49cc-80a7-0a3e950d210f",
|
|
"network-traffic--59b657b8-e8d4-49cc-80a7-0a3e950d210f",
|
|
"ipv4-addr--59b657b8-e8d4-49cc-80a7-0a3e950d210f",
|
|
"indicator--59b657b9-6144-4a30-8199-a7d3950d210f",
|
|
"indicator--59b657b9-0074-40a4-938a-a7f8950d210f",
|
|
"observed-data--59b657ba-f58c-4325-a8d2-fcd2950d210f",
|
|
"network-traffic--59b657ba-f58c-4325-a8d2-fcd2950d210f",
|
|
"ipv4-addr--59b657ba-f58c-4325-a8d2-fcd2950d210f",
|
|
"indicator--59b657ba-3648-4d9f-89b6-fd30950d210f",
|
|
"indicator--59b657ba-7b6c-421f-9994-0a3e950d210f",
|
|
"observed-data--59b657ba-26a4-47c6-933b-1285950d210f",
|
|
"network-traffic--59b657ba-26a4-47c6-933b-1285950d210f",
|
|
"ipv4-addr--59b657ba-26a4-47c6-933b-1285950d210f",
|
|
"indicator--59b657ba-f7e4-41fa-a96a-fd31950d210f",
|
|
"indicator--59b657bb-47f8-487a-a828-faa1950d210f",
|
|
"observed-data--59b657bb-4464-4fed-9e7f-fcd2950d210f",
|
|
"network-traffic--59b657bb-4464-4fed-9e7f-fcd2950d210f",
|
|
"ipv4-addr--59b657bb-4464-4fed-9e7f-fcd2950d210f",
|
|
"indicator--59b657bb-ee34-4bae-8d79-fb96950d210f",
|
|
"indicator--59b657bb-52b0-4b58-8109-a4fe950d210f",
|
|
"observed-data--59b657bc-3d84-466a-b22c-fc77950d210f",
|
|
"network-traffic--59b657bc-3d84-466a-b22c-fc77950d210f",
|
|
"ipv4-addr--59b657bc-3d84-466a-b22c-fc77950d210f",
|
|
"indicator--59b657bc-101c-4249-920d-faa1950d210f",
|
|
"indicator--59b657bc-0e8c-4f10-8d7e-fcd2950d210f",
|
|
"indicator--59b657bd-0e00-49cb-94fe-fb96950d210f",
|
|
"indicator--59b657bd-8620-4b2e-8301-0a3e950d210f",
|
|
"observed-data--59b657bd-f03c-45b9-902b-a7d3950d210f",
|
|
"network-traffic--59b657bd-f03c-45b9-902b-a7d3950d210f",
|
|
"ipv4-addr--59b657bd-f03c-45b9-902b-a7d3950d210f",
|
|
"indicator--59b657bd-c5cc-4fe9-9add-170a950d210f",
|
|
"indicator--59b657bd-7070-42c6-8c20-fd31950d210f",
|
|
"indicator--59b657be-4abc-4b35-91e1-fcd2950d210f",
|
|
"indicator--59b657be-19a4-4450-8d8d-fc5a950d210f",
|
|
"observed-data--59b657be-0c10-4709-9bd6-abb2950d210f",
|
|
"network-traffic--59b657be-0c10-4709-9bd6-abb2950d210f",
|
|
"ipv4-addr--59b657be-0c10-4709-9bd6-abb2950d210f",
|
|
"indicator--59b657be-7d44-4ee7-9ab2-0a3e950d210f",
|
|
"indicator--59b657be-dd1c-4c19-be90-a7d3950d210f",
|
|
"observed-data--59b657bf-a034-4d2e-840f-fd31950d210f",
|
|
"network-traffic--59b657bf-a034-4d2e-840f-fd31950d210f",
|
|
"ipv4-addr--59b657bf-a034-4d2e-840f-fd31950d210f",
|
|
"indicator--59b657bf-8204-4b61-a64e-fc77950d210f",
|
|
"indicator--59b657bf-c6f4-45f5-b208-fcd2950d210f",
|
|
"observed-data--59b657c0-d98c-46ba-9c2e-fc5a950d210f",
|
|
"network-traffic--59b657c0-d98c-46ba-9c2e-fc5a950d210f",
|
|
"ipv4-addr--59b657c0-d98c-46ba-9c2e-fc5a950d210f",
|
|
"indicator--59b657c0-f504-4165-9e95-abb2950d210f",
|
|
"indicator--59b657c0-96a0-4298-83e2-0a3e950d210f",
|
|
"observed-data--59b657c0-6534-49b6-be5e-fba2950d210f",
|
|
"network-traffic--59b657c0-6534-49b6-be5e-fba2950d210f",
|
|
"ipv4-addr--59b657c0-6534-49b6-be5e-fba2950d210f",
|
|
"indicator--59b657c1-b270-45a7-b5c1-fd31950d210f",
|
|
"indicator--59b657c1-1d28-4460-a2a4-a7f8950d210f",
|
|
"observed-data--59b657c1-914c-40e0-ab7e-14d9950d210f",
|
|
"network-traffic--59b657c1-914c-40e0-ab7e-14d9950d210f",
|
|
"ipv4-addr--59b657c1-914c-40e0-ab7e-14d9950d210f",
|
|
"indicator--59b657c1-b0a4-4569-9a60-faa1950d210f",
|
|
"indicator--59b657c1-3ed8-4c9f-8d01-fc5a950d210f",
|
|
"observed-data--59b657c2-ec08-4fea-b9b6-fd30950d210f",
|
|
"network-traffic--59b657c2-ec08-4fea-b9b6-fd30950d210f",
|
|
"ipv4-addr--59b657c2-ec08-4fea-b9b6-fd30950d210f",
|
|
"indicator--59b657c2-e010-46d9-8ada-a4fe950d210f",
|
|
"indicator--59b657c2-65ec-4926-807d-fba2950d210f",
|
|
"observed-data--59b657c2-3148-4c4b-9ea3-170a950d210f",
|
|
"network-traffic--59b657c2-3148-4c4b-9ea3-170a950d210f",
|
|
"ipv4-addr--59b657c2-3148-4c4b-9ea3-170a950d210f",
|
|
"indicator--59b657c2-5d78-40c2-a06d-fc77950d210f",
|
|
"indicator--59b657c3-7b4c-429e-a7bc-faa1950d210f",
|
|
"observed-data--59b657c3-3e20-45cc-b60b-abb2950d210f",
|
|
"network-traffic--59b657c3-3e20-45cc-b60b-abb2950d210f",
|
|
"ipv4-addr--59b657c3-3e20-45cc-b60b-abb2950d210f",
|
|
"indicator--59b657c3-9350-433c-8f85-0a3c950d210f",
|
|
"indicator--59b657c3-794c-4ec8-aed2-a4fe950d210f",
|
|
"observed-data--59b657c4-d0c4-41d7-8e77-fb96950d210f",
|
|
"network-traffic--59b657c4-d0c4-41d7-8e77-fb96950d210f",
|
|
"ipv4-addr--59b657c4-d0c4-41d7-8e77-fb96950d210f",
|
|
"indicator--59b657c4-4748-4791-a420-a7f8950d210f",
|
|
"indicator--59b657c4-9c9c-424e-95c6-fc77950d210f",
|
|
"indicator--59b657c5-01f8-486e-a4a0-fc5a950d210f",
|
|
"indicator--59b657c5-d578-44a3-bf84-a587950d210f",
|
|
"observed-data--59b657c5-612c-4701-a9b3-a4fe950d210f",
|
|
"network-traffic--59b657c5-612c-4701-a9b3-a4fe950d210f",
|
|
"ipv4-addr--59b657c5-612c-4701-a9b3-a4fe950d210f",
|
|
"indicator--59b657c5-05e8-4801-863c-0a3e950d210f",
|
|
"indicator--59b657c5-d1cc-4863-a6c0-fb96950d210f",
|
|
"indicator--59b657c6-bb38-45a4-a501-fc77950d210f",
|
|
"indicator--59b657c6-c9a0-4d99-b755-fcd2950d210f",
|
|
"observed-data--59b657c6-d6cc-4ba9-b26f-fc5a950d210f",
|
|
"network-traffic--59b657c6-d6cc-4ba9-b26f-fc5a950d210f",
|
|
"ipv4-addr--59b657c6-d6cc-4ba9-b26f-fc5a950d210f",
|
|
"indicator--59b657c7-6cb8-40e7-a569-0a3c950d210f",
|
|
"indicator--59b657c7-fee0-4f15-a136-1684950d210f",
|
|
"observed-data--59b657c7-3dd8-4f79-8c69-0a3e950d210f",
|
|
"network-traffic--59b657c7-3dd8-4f79-8c69-0a3e950d210f",
|
|
"ipv4-addr--59b657c7-3dd8-4f79-8c69-0a3e950d210f",
|
|
"indicator--59b657c7-b7d4-4a71-b73b-a7d3950d210f",
|
|
"indicator--59b657c7-e264-42ce-a6d1-a7f8950d210f",
|
|
"observed-data--59b657c8-0924-4614-997a-fba2950d210f",
|
|
"network-traffic--59b657c8-0924-4614-997a-fba2950d210f",
|
|
"ipv4-addr--59b657c8-0924-4614-997a-fba2950d210f",
|
|
"indicator--59b657c8-2eac-4124-904e-14d9950d210f",
|
|
"indicator--59b657c8-d3bc-4e46-a504-faa1950d210f",
|
|
"observed-data--59b657c9-21b0-433a-b250-0a3c950d210f",
|
|
"network-traffic--59b657c9-21b0-433a-b250-0a3c950d210f",
|
|
"ipv4-addr--59b657c9-21b0-433a-b250-0a3c950d210f",
|
|
"indicator--59b657c9-5f14-4ba9-9c56-a587950d210f",
|
|
"indicator--59b657c9-9d58-4f6c-92ce-1684950d210f",
|
|
"observed-data--59b657ca-5b28-47cb-a490-fd30950d210f",
|
|
"network-traffic--59b657ca-5b28-47cb-a490-fd30950d210f",
|
|
"ipv4-addr--59b657ca-5b28-47cb-a490-fd30950d210f",
|
|
"indicator--59b657ca-df04-48aa-a8a6-a7d3950d210f",
|
|
"indicator--59b657ca-92a0-447a-b8c5-a7f8950d210f",
|
|
"observed-data--59b657ca-bddc-446a-acc1-170a950d210f",
|
|
"network-traffic--59b657ca-bddc-446a-acc1-170a950d210f",
|
|
"ipv4-addr--59b657ca-bddc-446a-acc1-170a950d210f",
|
|
"indicator--59b657ca-da10-4be4-bd5f-fc77950d210f",
|
|
"indicator--59b657cb-f018-4e6e-a1bc-14d9950d210f",
|
|
"observed-data--59b657cb-63b0-4b46-8d94-faa1950d210f",
|
|
"network-traffic--59b657cb-63b0-4b46-8d94-faa1950d210f",
|
|
"ipv4-addr--59b657cb-63b0-4b46-8d94-faa1950d210f",
|
|
"indicator--59b657cb-cf9c-4c00-b253-0a3c950d210f",
|
|
"indicator--59b657cb-cfc0-4407-a8b5-abb2950d210f",
|
|
"observed-data--59b657cc-59f4-4957-bf4c-1684950d210f",
|
|
"network-traffic--59b657cc-59f4-4957-bf4c-1684950d210f",
|
|
"ipv4-addr--59b657cc-59f4-4957-bf4c-1684950d210f",
|
|
"indicator--59b657cc-52f4-4bb2-9716-0a3e950d210f",
|
|
"indicator--59b657cc-9e48-431d-b775-a7d3950d210f",
|
|
"observed-data--59b657cd-2790-402f-a0fa-fb96950d210f",
|
|
"network-traffic--59b657cd-2790-402f-a0fa-fb96950d210f",
|
|
"ipv4-addr--59b657cd-2790-402f-a0fa-fb96950d210f",
|
|
"indicator--59b657cd-99e0-42a7-8455-fd31950d210f",
|
|
"indicator--59b657cd-be84-4d93-b131-170a950d210f",
|
|
"indicator--59b657cd-9aa4-4a6c-82b1-14d9950d210f",
|
|
"indicator--59b657ce-5e88-4104-952b-fcd2950d210f",
|
|
"observed-data--59b657ce-dca0-4b1e-aef6-faa1950d210f",
|
|
"network-traffic--59b657ce-dca0-4b1e-aef6-faa1950d210f",
|
|
"ipv4-addr--59b657ce-dca0-4b1e-aef6-faa1950d210f",
|
|
"indicator--59b657ce-e5dc-4f4e-a030-0a3c950d210f",
|
|
"indicator--59b657ce-9434-4c43-9e30-a587950d210f",
|
|
"observed-data--59b657cf-4548-4d31-bd0c-a4fe950d210f",
|
|
"network-traffic--59b657cf-4548-4d31-bd0c-a4fe950d210f",
|
|
"ipv4-addr--59b657cf-4548-4d31-bd0c-a4fe950d210f",
|
|
"indicator--59b657cf-199c-4e24-b70c-1684950d210f",
|
|
"indicator--59b657cf-68d8-46f1-8b3c-fd30950d210f",
|
|
"observed-data--59b657cf-d9e4-47f9-9aa0-fb96950d210f",
|
|
"network-traffic--59b657cf-d9e4-47f9-9aa0-fb96950d210f",
|
|
"ipv4-addr--59b657cf-d9e4-47f9-9aa0-fb96950d210f",
|
|
"indicator--59b657d0-1380-49b4-99bd-fd31950d210f",
|
|
"indicator--59b657d0-5aa0-444a-ac74-170a950d210f",
|
|
"observed-data--59b657d0-77fc-4206-a721-14d9950d210f",
|
|
"network-traffic--59b657d0-77fc-4206-a721-14d9950d210f",
|
|
"ipv4-addr--59b657d0-77fc-4206-a721-14d9950d210f",
|
|
"indicator--59b657d1-4068-45ad-9015-fcd2950d210f",
|
|
"indicator--59b657d1-4ae0-4864-ad1f-1285950d210f",
|
|
"observed-data--59b657d1-aa6c-4259-a85d-faa1950d210f",
|
|
"network-traffic--59b657d1-aa6c-4259-a85d-faa1950d210f",
|
|
"ipv4-addr--59b657d1-aa6c-4259-a85d-faa1950d210f",
|
|
"indicator--59b657d2-e468-42cb-ac56-0a3c950d210f",
|
|
"indicator--59b657d2-7a8c-4c7b-b4af-fc5a950d210f",
|
|
"indicator--59b657d2-0d0c-4548-8ef8-fd30950d210f",
|
|
"indicator--59b657d3-babc-4ab5-b627-a7d3950d210f",
|
|
"observed-data--59b657d3-29e0-4d1c-9e1a-fb96950d210f",
|
|
"network-traffic--59b657d3-29e0-4d1c-9e1a-fb96950d210f",
|
|
"ipv4-addr--59b657d3-29e0-4d1c-9e1a-fb96950d210f",
|
|
"indicator--59b657d3-b410-4c68-945c-fd31950d210f",
|
|
"indicator--59b657d3-a73c-42e3-801c-170a950d210f",
|
|
"indicator--59b657d4-6ed4-4817-a7f2-14d9950d210f",
|
|
"indicator--59b657d4-fbf8-4ce9-95a0-fcd2950d210f",
|
|
"indicator--59b657d4-d064-44e3-ac59-0a3c950d210f",
|
|
"indicator--59b657d4-b8d4-4ff3-8deb-a587950d210f",
|
|
"observed-data--59b657d5-9608-4c94-bedf-a4fe950d210f",
|
|
"network-traffic--59b657d5-9608-4c94-bedf-a4fe950d210f",
|
|
"ipv4-addr--59b657d5-9608-4c94-bedf-a4fe950d210f",
|
|
"indicator--59b657d5-f494-4408-a847-1684950d210f",
|
|
"indicator--59b657d5-6660-4aef-9cb8-0a3e950d210f",
|
|
"observed-data--59b657d6-8990-4435-8e28-a7d3950d210f",
|
|
"network-traffic--59b657d6-8990-4435-8e28-a7d3950d210f",
|
|
"ipv4-addr--59b657d6-8990-4435-8e28-a7d3950d210f",
|
|
"indicator--59b657d6-ce40-41cf-883a-fd31950d210f",
|
|
"indicator--59b657d6-8214-49d3-8d42-170a950d210f",
|
|
"indicator--59b657d7-85f0-45b7-8c86-fc77950d210f",
|
|
"indicator--59b657d8-79e0-4f1c-8735-fcd2950d210f",
|
|
"observed-data--59b657d8-6874-4858-b83c-0a3c950d210f",
|
|
"network-traffic--59b657d8-6874-4858-b83c-0a3c950d210f",
|
|
"ipv4-addr--59b657d8-6874-4858-b83c-0a3c950d210f",
|
|
"indicator--59b657d8-d11c-45eb-984c-a587950d210f",
|
|
"indicator--59b657d8-c11c-475e-aa4b-fc5a950d210f",
|
|
"observed-data--59b657d9-e998-4399-a7f7-0a3e950d210f",
|
|
"network-traffic--59b657d9-e998-4399-a7f7-0a3e950d210f",
|
|
"ipv4-addr--59b657d9-e998-4399-a7f7-0a3e950d210f",
|
|
"indicator--59b657d9-bf58-4f67-98fd-fd30950d210f",
|
|
"indicator--59b657d9-38ec-4970-b933-fb96950d210f",
|
|
"observed-data--59b657db-91e0-4f07-a836-fba2950d210f",
|
|
"network-traffic--59b657db-91e0-4f07-a836-fba2950d210f",
|
|
"ipv4-addr--59b657db-91e0-4f07-a836-fba2950d210f",
|
|
"indicator--59b657db-b64c-4bb5-8b63-fc77950d210f",
|
|
"indicator--59b657db-6cf8-46f5-a3b3-fcd2950d210f",
|
|
"observed-data--59b657dc-a5c0-4487-8b58-0a3c950d210f",
|
|
"network-traffic--59b657dc-a5c0-4487-8b58-0a3c950d210f",
|
|
"ipv4-addr--59b657dc-a5c0-4487-8b58-0a3c950d210f",
|
|
"indicator--59b657dc-6664-4168-9eba-a4fe950d210f",
|
|
"indicator--59b657dc-8250-46e9-8d55-fc5a950d210f",
|
|
"observed-data--59b657dd-1854-45d6-b600-0a3e950d210f",
|
|
"network-traffic--59b657dd-1854-45d6-b600-0a3e950d210f",
|
|
"ipv4-addr--59b657dd-1854-45d6-b600-0a3e950d210f",
|
|
"indicator--59b657dd-d654-4a97-a719-fd30950d210f",
|
|
"indicator--59b657dd-00ac-4309-bed9-a7d3950d210f",
|
|
"observed-data--59b657de-8aac-4b24-ac0a-a7f8950d210f",
|
|
"network-traffic--59b657de-8aac-4b24-ac0a-a7f8950d210f",
|
|
"ipv4-addr--59b657de-8aac-4b24-ac0a-a7f8950d210f",
|
|
"indicator--59b657de-0708-4fd0-bfac-abb2950d210f",
|
|
"indicator--59b657de-22fc-4f07-94dc-fba2950d210f",
|
|
"observed-data--59b657de-142c-45af-a003-fc77950d210f",
|
|
"network-traffic--59b657de-142c-45af-a003-fc77950d210f",
|
|
"ipv4-addr--59b657de-142c-45af-a003-fc77950d210f",
|
|
"indicator--59b657df-6ee4-4dc8-810f-1285950d210f",
|
|
"indicator--59b657df-a134-4f8a-8156-faa1950d210f",
|
|
"observed-data--59b657df-852c-4c04-b363-a587950d210f",
|
|
"network-traffic--59b657df-852c-4c04-b363-a587950d210f",
|
|
"ipv4-addr--59b657df-852c-4c04-b363-a587950d210f",
|
|
"indicator--59b657df-5f0c-4070-8212-1684950d210f",
|
|
"indicator--59b657e0-9f14-4bd8-accc-fd30950d210f",
|
|
"observed-data--59b657e0-4294-4863-b44b-a7f8950d210f",
|
|
"network-traffic--59b657e0-4294-4863-b44b-a7f8950d210f",
|
|
"ipv4-addr--59b657e0-4294-4863-b44b-a7f8950d210f",
|
|
"indicator--59b657e0-fe00-476b-a795-fba2950d210f",
|
|
"indicator--59b657e1-aec4-4348-ac92-a587950d210f",
|
|
"indicator--59b657e1-995c-4a1e-8f91-fc5a950d210f",
|
|
"observed-data--59b657e2-7ea0-46bd-841a-fd31950d210f",
|
|
"network-traffic--59b657e2-7ea0-46bd-841a-fd31950d210f",
|
|
"ipv4-addr--59b657e2-7ea0-46bd-841a-fd31950d210f",
|
|
"indicator--59b657e2-2808-45a4-b136-170a950d210f",
|
|
"indicator--59b657e2-4654-4bd6-be86-14d9950d210f",
|
|
"indicator--59b657e3-9828-4e3e-ba39-abb2950d210f",
|
|
"indicator--59b657e3-9698-442c-95ec-0a3c950d210f",
|
|
"observed-data--59b657e3-bce8-4ba7-8857-a587950d210f",
|
|
"network-traffic--59b657e3-bce8-4ba7-8857-a587950d210f",
|
|
"ipv4-addr--59b657e3-bce8-4ba7-8857-a587950d210f",
|
|
"indicator--59b657e4-5608-45f5-aa9f-fd30950d210f",
|
|
"indicator--59b657e4-a12c-47d3-b922-1684950d210f",
|
|
"observed-data--59b657e4-bf74-4e58-ae45-fd31950d210f",
|
|
"network-traffic--59b657e4-bf74-4e58-ae45-fd31950d210f",
|
|
"ipv4-addr--59b657e4-bf74-4e58-ae45-fd31950d210f",
|
|
"indicator--59b657e4-be44-492a-8278-14d9950d210f",
|
|
"indicator--59b657e4-6c14-4ca6-aeac-fba2950d210f",
|
|
"observed-data--59b657e5-46e8-4e42-b4a9-1285950d210f",
|
|
"network-traffic--59b657e5-46e8-4e42-b4a9-1285950d210f",
|
|
"ipv4-addr--59b657e5-46e8-4e42-b4a9-1285950d210f",
|
|
"indicator--59b657e5-7f38-4f64-8faf-fc5a950d210f",
|
|
"indicator--59b657e5-6bcc-41ee-b871-a7d3950d210f",
|
|
"observed-data--59b657e6-fdac-4cad-80b5-14d9950d210f",
|
|
"network-traffic--59b657e6-fdac-4cad-80b5-14d9950d210f",
|
|
"ipv4-addr--59b657e6-fdac-4cad-80b5-14d9950d210f",
|
|
"indicator--59b657e6-d7e4-4bf5-8a39-fcd2950d210f",
|
|
"indicator--59b657e6-b400-43cc-bafa-abb2950d210f",
|
|
"observed-data--59b657e6-b510-4d82-8454-a4fe950d210f",
|
|
"network-traffic--59b657e6-b510-4d82-8454-a4fe950d210f",
|
|
"ipv4-addr--59b657e6-b510-4d82-8454-a4fe950d210f",
|
|
"indicator--59b657e7-18b0-4903-8de2-fd30950d210f",
|
|
"indicator--59b657e7-5a38-404f-87fb-fb96950d210f",
|
|
"observed-data--59b657e7-f130-4c88-a224-fd31950d210f",
|
|
"network-traffic--59b657e7-f130-4c88-a224-fd31950d210f",
|
|
"ipv4-addr--59b657e7-f130-4c88-a224-fd31950d210f",
|
|
"indicator--59b657e7-5ba0-4c4e-8e83-fc77950d210f",
|
|
"indicator--59b657e7-f724-4293-b69f-abb2950d210f",
|
|
"indicator--59b657e8-3968-4370-803a-0a3e950d210f",
|
|
"indicator--59b657e8-bd54-4305-a9dc-fc5a950d210f",
|
|
"observed-data--59b657e8-0508-46ea-9d68-1684950d210f",
|
|
"network-traffic--59b657e8-0508-46ea-9d68-1684950d210f",
|
|
"ipv4-addr--59b657e8-0508-46ea-9d68-1684950d210f",
|
|
"indicator--59b657e9-b86c-4d67-8e92-14d9950d210f",
|
|
"indicator--59b657e9-d838-40df-8566-170a950d210f",
|
|
"observed-data--59b657ea-c518-447d-8ea1-0a3c950d210f",
|
|
"network-traffic--59b657ea-c518-447d-8ea1-0a3c950d210f",
|
|
"ipv4-addr--59b657ea-c518-447d-8ea1-0a3c950d210f",
|
|
"indicator--59b657ea-9078-4162-be7c-fc5a950d210f",
|
|
"indicator--59b657ea-999c-4f4f-91e6-fd30950d210f",
|
|
"observed-data--59b657ea-d3d8-4edc-a2e0-fd31950d210f",
|
|
"network-traffic--59b657ea-d3d8-4edc-a2e0-fd31950d210f",
|
|
"ipv4-addr--59b657ea-d3d8-4edc-a2e0-fd31950d210f",
|
|
"indicator--59b657eb-eb74-4ac5-bdc8-170a950d210f",
|
|
"indicator--59b657eb-ab04-44e4-bbd3-fcd2950d210f",
|
|
"observed-data--59b657eb-eeec-4ac9-abb7-abb2950d210f",
|
|
"network-traffic--59b657eb-eeec-4ac9-abb7-abb2950d210f",
|
|
"ipv4-addr--59b657eb-eeec-4ac9-abb7-abb2950d210f",
|
|
"indicator--59b657eb-c484-4b65-a4af-0a3c950d210f",
|
|
"indicator--59b657ec-ad14-4f62-8e7d-fc5a950d210f",
|
|
"indicator--59b657ec-09c8-4356-86bb-fd30950d210f",
|
|
"indicator--59b657ec-5e2c-457e-a4d7-1684950d210f",
|
|
"observed-data--59b657ec-49b4-406d-84c4-a7f8950d210f",
|
|
"network-traffic--59b657ec-49b4-406d-84c4-a7f8950d210f",
|
|
"ipv4-addr--59b657ec-49b4-406d-84c4-a7f8950d210f",
|
|
"indicator--59b657ed-1710-4d84-aab8-fcd2950d210f",
|
|
"indicator--59b657ed-f0d0-4392-9271-fba2950d210f",
|
|
"observed-data--59b657ed-50b8-4939-bf24-faa1950d210f",
|
|
"network-traffic--59b657ed-50b8-4939-bf24-faa1950d210f",
|
|
"ipv4-addr--59b657ed-50b8-4939-bf24-faa1950d210f",
|
|
"indicator--59b657ed-caec-4fcf-abc1-1285950d210f",
|
|
"indicator--59b657ed-f974-430e-8a67-fc5a950d210f",
|
|
"indicator--59b657ee-5c50-46e8-a8d1-fd30950d210f",
|
|
"indicator--59b657ee-1568-4d0a-b796-1684950d210f",
|
|
"observed-data--59b657ee-0628-484e-a667-fb96950d210f",
|
|
"network-traffic--59b657ee-0628-484e-a667-fb96950d210f",
|
|
"ipv4-addr--59b657ee-0628-484e-a667-fb96950d210f",
|
|
"indicator--59b657ef-d2f4-4a7d-b232-a7f8950d210f",
|
|
"indicator--59b657ef-b95c-44fa-a8ab-170a950d210f",
|
|
"observed-data--59b6580d-59c8-442f-a828-fd31950d210f",
|
|
"url--59b6580d-59c8-442f-a828-fd31950d210f",
|
|
"observed-data--59b6580d-a484-4f2e-8caa-faa1950d210f",
|
|
"network-traffic--59b6580d-a484-4f2e-8caa-faa1950d210f",
|
|
"ipv4-addr--59b6580d-a484-4f2e-8caa-faa1950d210f",
|
|
"observed-data--59b6580d-eb38-4821-b413-abb2950d210f",
|
|
"url--59b6580d-eb38-4821-b413-abb2950d210f",
|
|
"observed-data--59b6580e-ee44-4a1e-bbe3-0a3e950d210f",
|
|
"network-traffic--59b6580e-ee44-4a1e-bbe3-0a3e950d210f",
|
|
"ipv4-addr--59b6580e-ee44-4a1e-bbe3-0a3e950d210f",
|
|
"indicator--59b6580e-3580-416f-aed0-a7d3950d210f",
|
|
"indicator--59b6580e-1240-46a4-aa9e-a7f8950d210f",
|
|
"indicator--59b6580f-4ce4-4030-870a-fc77950d210f",
|
|
"indicator--59b6580f-c18c-477d-abcb-a4fe950d210f",
|
|
"indicator--59b6580f-f860-4833-b3e3-170a950d210f",
|
|
"indicator--59b6580f-a6a0-490f-9a72-faa1950d210f",
|
|
"indicator--59b65810-e0e4-42f3-b999-fc5a950d210f",
|
|
"indicator--59b65810-e198-4c4e-a152-0a3e950d210f",
|
|
"indicator--59b65810-a148-4b04-a654-a7f8950d210f",
|
|
"indicator--59b65810-7d2c-4846-8700-fb96950d210f",
|
|
"indicator--59b65811-68dc-4a27-87e5-a4fe950d210f",
|
|
"indicator--59b65811-a75c-4ae6-8124-fd31950d210f",
|
|
"indicator--59b65811-b154-4f07-8f17-14d9950d210f",
|
|
"indicator--59b65812-7e54-459b-bb38-1285950d210f",
|
|
"indicator--59b65812-6678-4961-aa46-0a3e950d210f",
|
|
"indicator--59b65812-dd9c-4b68-8137-a587950d210f",
|
|
"indicator--59b65813-ba78-42d8-b94a-fcd2950d210f",
|
|
"indicator--59b65813-b44c-4ef7-b818-0a3c950d210f",
|
|
"indicator--59b65813-a6e4-4079-84bd-a4fe950d210f",
|
|
"indicator--59b65813-2034-48b8-b769-fba2950d210f",
|
|
"indicator--59b65814-1fa4-4f87-a4f7-fd30950d210f",
|
|
"indicator--59b65814-8ddc-4e55-80c6-1684950d210f",
|
|
"indicator--59b65814-8964-4181-8f00-0a3e950d210f",
|
|
"indicator--59b65814-76a4-4db1-add1-fb96950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:ransomware=\"Locky\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657a9-ba00-4cfe-90fc-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:17.000Z",
|
|
"modified": "2017-09-11T09:30:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5e063ea9212759c7689eccd099c1eccf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657aa-62b8-4a5c-96dd-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:18.000Z",
|
|
"modified": "2017-09-11T09:30:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c9128378e75c3a0455154e3e5674c494']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657aa-7fcc-43c8-b7a5-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:18.000Z",
|
|
"modified": "2017-09-11T09:30:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = '708e93ec5d1a5b68b8544d1ed1fca40d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657aa-85fc-4630-8237-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:18.000Z",
|
|
"modified": "2017-09-11T09:30:18.000Z",
|
|
"pattern": "[url:value = 'http://abdulhamit.org/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657aa-211c-4ebe-8bf2-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:18.000Z",
|
|
"modified": "2017-09-11T09:30:18.000Z",
|
|
"pattern": "[domain-name:value = 'abdulhamit.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ab-affc-42d0-8d18-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:19.000Z",
|
|
"modified": "2017-09-11T09:30:19.000Z",
|
|
"first_observed": "2017-09-11T09:30:19Z",
|
|
"last_observed": "2017-09-11T09:30:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ab-affc-42d0-8d18-fcd2950d210f",
|
|
"ipv4-addr--59b657ab-affc-42d0-8d18-fcd2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ab-affc-42d0-8d18-fcd2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ab-affc-42d0-8d18-fcd2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ab-affc-42d0-8d18-fcd2950d210f",
|
|
"value": "77.245.149.11"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ab-2ae8-4564-a705-1285950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:19.000Z",
|
|
"modified": "2017-09-11T09:30:19.000Z",
|
|
"pattern": "[url:value = 'http://areanuova.it/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ab-34e4-46c3-9d31-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:19.000Z",
|
|
"modified": "2017-09-11T09:30:19.000Z",
|
|
"pattern": "[domain-name:value = 'areanuova.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ac-3598-4a6c-8a61-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:20.000Z",
|
|
"modified": "2017-09-11T09:30:20.000Z",
|
|
"first_observed": "2017-09-11T09:30:20Z",
|
|
"last_observed": "2017-09-11T09:30:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ac-3598-4a6c-8a61-a7d3950d210f",
|
|
"ipv4-addr--59b657ac-3598-4a6c-8a61-a7d3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ac-3598-4a6c-8a61-a7d3950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ac-3598-4a6c-8a61-a7d3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ac-3598-4a6c-8a61-a7d3950d210f",
|
|
"value": "85.235.130.46"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ac-9940-4399-96ae-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:20.000Z",
|
|
"modified": "2017-09-11T09:30:20.000Z",
|
|
"pattern": "[url:value = 'http://arge-lateinamerika.eu/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ac-0894-49ba-acf1-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:20.000Z",
|
|
"modified": "2017-09-11T09:30:20.000Z",
|
|
"pattern": "[domain-name:value = 'arge-lateinamerika.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ac-9d30-4689-ba70-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:20.000Z",
|
|
"modified": "2017-09-11T09:30:20.000Z",
|
|
"first_observed": "2017-09-11T09:30:20Z",
|
|
"last_observed": "2017-09-11T09:30:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ac-9d30-4689-ba70-0a3c950d210f",
|
|
"ipv4-addr--59b657ac-9d30-4689-ba70-0a3c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ac-9d30-4689-ba70-0a3c950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ac-9d30-4689-ba70-0a3c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ac-9d30-4689-ba70-0a3c950d210f",
|
|
"value": "85.214.235.146"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ac-f700-4c9f-8c28-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:20.000Z",
|
|
"modified": "2017-09-11T09:30:20.000Z",
|
|
"pattern": "[url:value = 'http://armor-conduite.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ad-e24c-4fa4-8e46-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:21.000Z",
|
|
"modified": "2017-09-11T09:30:21.000Z",
|
|
"pattern": "[domain-name:value = 'armor-conduite.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ad-b6c8-42af-8da3-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:21.000Z",
|
|
"modified": "2017-09-11T09:30:21.000Z",
|
|
"first_observed": "2017-09-11T09:30:21Z",
|
|
"last_observed": "2017-09-11T09:30:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ad-b6c8-42af-8da3-fc5a950d210f",
|
|
"ipv4-addr--59b657ad-b6c8-42af-8da3-fc5a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ad-b6c8-42af-8da3-fc5a950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ad-b6c8-42af-8da3-fc5a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ad-b6c8-42af-8da3-fc5a950d210f",
|
|
"value": "193.227.248.241"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ad-8d88-4ecc-b32a-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:21.000Z",
|
|
"modified": "2017-09-11T09:30:21.000Z",
|
|
"pattern": "[url:value = 'http://autoecolealmom.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ad-a2c8-49ae-b1b3-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:21.000Z",
|
|
"modified": "2017-09-11T09:30:21.000Z",
|
|
"pattern": "[domain-name:value = 'autoecolealmom.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ae-71e4-4448-b6f6-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:22.000Z",
|
|
"modified": "2017-09-11T09:30:22.000Z",
|
|
"pattern": "[url:value = 'http://autoecolecaravelle.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ae-2dd8-4059-bc72-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:22.000Z",
|
|
"modified": "2017-09-11T09:30:22.000Z",
|
|
"pattern": "[domain-name:value = 'autoecolecaravelle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ae-85e4-4f16-96e5-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:22.000Z",
|
|
"modified": "2017-09-11T09:30:22.000Z",
|
|
"pattern": "[url:value = 'http://auto-ecole-challenger.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ae-a724-458b-a1f8-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:22.000Z",
|
|
"modified": "2017-09-11T09:30:22.000Z",
|
|
"pattern": "[domain-name:value = 'auto-ecole-challenger.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657af-46e8-461f-b10f-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:23.000Z",
|
|
"modified": "2017-09-11T09:30:23.000Z",
|
|
"pattern": "[url:value = 'http://bdbl.com.np/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657af-f7a0-42b6-98d0-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:23.000Z",
|
|
"modified": "2017-09-11T09:30:23.000Z",
|
|
"pattern": "[domain-name:value = 'bdbl.com.np']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b0-c8d8-4e02-b1bd-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:24.000Z",
|
|
"modified": "2017-09-11T09:30:24.000Z",
|
|
"first_observed": "2017-09-11T09:30:24Z",
|
|
"last_observed": "2017-09-11T09:30:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b0-c8d8-4e02-b1bd-fc77950d210f",
|
|
"ipv4-addr--59b657b0-c8d8-4e02-b1bd-fc77950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b0-c8d8-4e02-b1bd-fc77950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b0-c8d8-4e02-b1bd-fc77950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b0-c8d8-4e02-b1bd-fc77950d210f",
|
|
"value": "74.200.89.84"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b0-252c-4478-8aa8-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:24.000Z",
|
|
"modified": "2017-09-11T09:30:24.000Z",
|
|
"pattern": "[url:value = 'http://brillantelimpieza.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b0-0c2c-464d-979e-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:24.000Z",
|
|
"modified": "2017-09-11T09:30:24.000Z",
|
|
"pattern": "[domain-name:value = 'brillantelimpieza.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b0-1bd4-4581-b8b4-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:24.000Z",
|
|
"modified": "2017-09-11T09:30:24.000Z",
|
|
"first_observed": "2017-09-11T09:30:24Z",
|
|
"last_observed": "2017-09-11T09:30:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b0-1bd4-4581-b8b4-fd31950d210f",
|
|
"ipv4-addr--59b657b0-1bd4-4581-b8b4-fd31950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b0-1bd4-4581-b8b4-fd31950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b0-1bd4-4581-b8b4-fd31950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b0-1bd4-4581-b8b4-fd31950d210f",
|
|
"value": "192.169.232.25"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b1-6cec-43f0-aa29-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:25.000Z",
|
|
"modified": "2017-09-11T09:30:25.000Z",
|
|
"pattern": "[url:value = 'http://brovalbox.net/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b1-7484-4de1-8089-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:25.000Z",
|
|
"modified": "2017-09-11T09:30:25.000Z",
|
|
"pattern": "[domain-name:value = 'brovalbox.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b2-95a4-45f1-bab6-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:26.000Z",
|
|
"modified": "2017-09-11T09:30:26.000Z",
|
|
"first_observed": "2017-09-11T09:30:26Z",
|
|
"last_observed": "2017-09-11T09:30:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b2-95a4-45f1-bab6-fba2950d210f",
|
|
"ipv4-addr--59b657b2-95a4-45f1-bab6-fba2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b2-95a4-45f1-bab6-fba2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b2-95a4-45f1-bab6-fba2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b2-95a4-45f1-bab6-fba2950d210f",
|
|
"value": "124.211.27.170"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b2-0978-47da-920a-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:26.000Z",
|
|
"modified": "2017-09-11T09:30:26.000Z",
|
|
"pattern": "[url:value = 'http://cajunsandcowboys.org/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b2-5b88-478d-99ae-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:26.000Z",
|
|
"modified": "2017-09-11T09:30:26.000Z",
|
|
"pattern": "[domain-name:value = 'cajunsandcowboys.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b2-ad74-49e1-a8d9-1285950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:26.000Z",
|
|
"modified": "2017-09-11T09:30:26.000Z",
|
|
"first_observed": "2017-09-11T09:30:26Z",
|
|
"last_observed": "2017-09-11T09:30:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b2-ad74-49e1-a8d9-1285950d210f",
|
|
"ipv4-addr--59b657b2-ad74-49e1-a8d9-1285950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b2-ad74-49e1-a8d9-1285950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b2-ad74-49e1-a8d9-1285950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b2-ad74-49e1-a8d9-1285950d210f",
|
|
"value": "66.199.174.108"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b3-1f5c-4999-b7b7-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:27.000Z",
|
|
"modified": "2017-09-11T09:30:27.000Z",
|
|
"pattern": "[url:value = 'http://centralbaptistchurchnj.org/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b3-ff9c-4685-a5f8-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:27.000Z",
|
|
"modified": "2017-09-11T09:30:27.000Z",
|
|
"pattern": "[domain-name:value = 'centralbaptistchurchnj.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b3-a550-428f-8f53-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:27.000Z",
|
|
"modified": "2017-09-11T09:30:27.000Z",
|
|
"first_observed": "2017-09-11T09:30:27Z",
|
|
"last_observed": "2017-09-11T09:30:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b3-a550-428f-8f53-a7f8950d210f",
|
|
"ipv4-addr--59b657b3-a550-428f-8f53-a7f8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b3-a550-428f-8f53-a7f8950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b3-a550-428f-8f53-a7f8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b3-a550-428f-8f53-a7f8950d210f",
|
|
"value": "68.171.62.42"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b4-5894-43fa-afe3-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:28.000Z",
|
|
"modified": "2017-09-11T09:30:28.000Z",
|
|
"pattern": "[url:value = 'http://clawsandpaws.biz/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b4-d9a4-4706-aa89-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:28.000Z",
|
|
"modified": "2017-09-11T09:30:28.000Z",
|
|
"pattern": "[domain-name:value = 'clawsandpaws.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b4-7e3c-4b69-bfe7-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:28.000Z",
|
|
"modified": "2017-09-11T09:30:28.000Z",
|
|
"first_observed": "2017-09-11T09:30:28Z",
|
|
"last_observed": "2017-09-11T09:30:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b4-7e3c-4b69-bfe7-14d9950d210f",
|
|
"ipv4-addr--59b657b4-7e3c-4b69-bfe7-14d9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b4-7e3c-4b69-bfe7-14d9950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b4-7e3c-4b69-bfe7-14d9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b4-7e3c-4b69-bfe7-14d9950d210f",
|
|
"value": "68.171.56.32"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b5-99ac-4dfb-9cac-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:29.000Z",
|
|
"modified": "2017-09-11T09:30:29.000Z",
|
|
"pattern": "[url:value = 'http://computertechnicians.net/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b5-458c-4bdf-bbd6-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:29.000Z",
|
|
"modified": "2017-09-11T09:30:29.000Z",
|
|
"pattern": "[domain-name:value = 'computertechnicians.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b5-cec4-4ef2-b7bf-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:29.000Z",
|
|
"modified": "2017-09-11T09:30:29.000Z",
|
|
"pattern": "[url:value = 'http://coopstella.net/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b5-f604-40ec-bd70-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:29.000Z",
|
|
"modified": "2017-09-11T09:30:29.000Z",
|
|
"pattern": "[domain-name:value = 'coopstella.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b6-bb54-45cc-949f-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:30.000Z",
|
|
"modified": "2017-09-11T09:30:30.000Z",
|
|
"first_observed": "2017-09-11T09:30:30Z",
|
|
"last_observed": "2017-09-11T09:30:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b6-bb54-45cc-949f-a7f8950d210f",
|
|
"ipv4-addr--59b657b6-bb54-45cc-949f-a7f8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b6-bb54-45cc-949f-a7f8950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b6-bb54-45cc-949f-a7f8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b6-bb54-45cc-949f-a7f8950d210f",
|
|
"value": "185.58.7.72"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b6-a6f4-4820-9acf-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:30.000Z",
|
|
"modified": "2017-09-11T09:30:30.000Z",
|
|
"pattern": "[url:value = 'http://corpsynergies.com.au/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b6-3150-410a-8c52-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:30.000Z",
|
|
"modified": "2017-09-11T09:30:30.000Z",
|
|
"pattern": "[domain-name:value = 'corpsynergies.com.au']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b7-f00c-4f8d-b1d2-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:31.000Z",
|
|
"modified": "2017-09-11T09:30:31.000Z",
|
|
"first_observed": "2017-09-11T09:30:31Z",
|
|
"last_observed": "2017-09-11T09:30:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b7-f00c-4f8d-b1d2-0a3e950d210f",
|
|
"ipv4-addr--59b657b7-f00c-4f8d-b1d2-0a3e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b7-f00c-4f8d-b1d2-0a3e950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b7-f00c-4f8d-b1d2-0a3e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b7-f00c-4f8d-b1d2-0a3e950d210f",
|
|
"value": "122.201.85.3"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b7-de74-4625-933d-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:31.000Z",
|
|
"modified": "2017-09-11T09:30:31.000Z",
|
|
"pattern": "[url:value = 'http://dalvarea.ro/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b7-75d0-465e-8f20-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:31.000Z",
|
|
"modified": "2017-09-11T09:30:31.000Z",
|
|
"pattern": "[domain-name:value = 'dalvarea.ro']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b8-9b68-4f5f-8216-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:32.000Z",
|
|
"modified": "2017-09-11T09:30:32.000Z",
|
|
"first_observed": "2017-09-11T09:30:32Z",
|
|
"last_observed": "2017-09-11T09:30:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b8-9b68-4f5f-8216-faa1950d210f",
|
|
"ipv4-addr--59b657b8-9b68-4f5f-8216-faa1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b8-9b68-4f5f-8216-faa1950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b8-9b68-4f5f-8216-faa1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b8-9b68-4f5f-8216-faa1950d210f",
|
|
"value": "188.241.152.101"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b8-1e30-444a-9239-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:32.000Z",
|
|
"modified": "2017-09-11T09:30:32.000Z",
|
|
"pattern": "[url:value = 'http://dispjutr.nl/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b8-03a8-452a-a3ee-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:32.000Z",
|
|
"modified": "2017-09-11T09:30:32.000Z",
|
|
"pattern": "[domain-name:value = 'dispjutr.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657b8-e8d4-49cc-80a7-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:32.000Z",
|
|
"modified": "2017-09-11T09:30:32.000Z",
|
|
"first_observed": "2017-09-11T09:30:32Z",
|
|
"last_observed": "2017-09-11T09:30:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657b8-e8d4-49cc-80a7-0a3e950d210f",
|
|
"ipv4-addr--59b657b8-e8d4-49cc-80a7-0a3e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657b8-e8d4-49cc-80a7-0a3e950d210f",
|
|
"dst_ref": "ipv4-addr--59b657b8-e8d4-49cc-80a7-0a3e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657b8-e8d4-49cc-80a7-0a3e950d210f",
|
|
"value": "144.76.149.235"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b9-6144-4a30-8199-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:33.000Z",
|
|
"modified": "2017-09-11T09:30:33.000Z",
|
|
"pattern": "[url:value = 'http://enmee.net/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657b9-0074-40a4-938a-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:33.000Z",
|
|
"modified": "2017-09-11T09:30:33.000Z",
|
|
"pattern": "[domain-name:value = 'enmee.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ba-f58c-4325-a8d2-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:34.000Z",
|
|
"modified": "2017-09-11T09:30:34.000Z",
|
|
"first_observed": "2017-09-11T09:30:34Z",
|
|
"last_observed": "2017-09-11T09:30:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ba-f58c-4325-a8d2-fcd2950d210f",
|
|
"ipv4-addr--59b657ba-f58c-4325-a8d2-fcd2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ba-f58c-4325-a8d2-fcd2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ba-f58c-4325-a8d2-fcd2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ba-f58c-4325-a8d2-fcd2950d210f",
|
|
"value": "209.54.62.90"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ba-3648-4d9f-89b6-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:34.000Z",
|
|
"modified": "2017-09-11T09:30:34.000Z",
|
|
"pattern": "[url:value = 'http://epidermis.nl/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ba-7b6c-421f-9994-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:34.000Z",
|
|
"modified": "2017-09-11T09:30:34.000Z",
|
|
"pattern": "[domain-name:value = 'epidermis.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ba-26a4-47c6-933b-1285950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:34.000Z",
|
|
"modified": "2017-09-11T09:30:34.000Z",
|
|
"first_observed": "2017-09-11T09:30:34Z",
|
|
"last_observed": "2017-09-11T09:30:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ba-26a4-47c6-933b-1285950d210f",
|
|
"ipv4-addr--59b657ba-26a4-47c6-933b-1285950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ba-26a4-47c6-933b-1285950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ba-26a4-47c6-933b-1285950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ba-26a4-47c6-933b-1285950d210f",
|
|
"value": "109.237.217.40"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ba-f7e4-41fa-a96a-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:34.000Z",
|
|
"modified": "2017-09-11T09:30:34.000Z",
|
|
"pattern": "[url:value = 'http://fortcollins-accounting.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bb-47f8-487a-a828-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:35.000Z",
|
|
"modified": "2017-09-11T09:30:35.000Z",
|
|
"pattern": "[domain-name:value = 'fortcollins-accounting.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657bb-4464-4fed-9e7f-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:35.000Z",
|
|
"modified": "2017-09-11T09:30:35.000Z",
|
|
"first_observed": "2017-09-11T09:30:35Z",
|
|
"last_observed": "2017-09-11T09:30:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657bb-4464-4fed-9e7f-fcd2950d210f",
|
|
"ipv4-addr--59b657bb-4464-4fed-9e7f-fcd2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657bb-4464-4fed-9e7f-fcd2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657bb-4464-4fed-9e7f-fcd2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657bb-4464-4fed-9e7f-fcd2950d210f",
|
|
"value": "74.208.43.105"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bb-ee34-4bae-8d79-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:35.000Z",
|
|
"modified": "2017-09-11T09:30:35.000Z",
|
|
"pattern": "[url:value = 'http://globoart.es/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bb-52b0-4b58-8109-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:35.000Z",
|
|
"modified": "2017-09-11T09:30:35.000Z",
|
|
"pattern": "[domain-name:value = 'globoart.es']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657bc-3d84-466a-b22c-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:36.000Z",
|
|
"modified": "2017-09-11T09:30:36.000Z",
|
|
"first_observed": "2017-09-11T09:30:36Z",
|
|
"last_observed": "2017-09-11T09:30:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657bc-3d84-466a-b22c-fc77950d210f",
|
|
"ipv4-addr--59b657bc-3d84-466a-b22c-fc77950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657bc-3d84-466a-b22c-fc77950d210f",
|
|
"dst_ref": "ipv4-addr--59b657bc-3d84-466a-b22c-fc77950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657bc-3d84-466a-b22c-fc77950d210f",
|
|
"value": "86.109.170.198"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bc-101c-4249-920d-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:36.000Z",
|
|
"modified": "2017-09-11T09:30:36.000Z",
|
|
"pattern": "[url:value = 'http://horsetaxiva.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bc-0e8c-4f10-8d7e-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:36.000Z",
|
|
"modified": "2017-09-11T09:30:36.000Z",
|
|
"pattern": "[domain-name:value = 'horsetaxiva.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bd-0e00-49cb-94fe-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:37.000Z",
|
|
"modified": "2017-09-11T09:30:37.000Z",
|
|
"pattern": "[url:value = 'http://ht-gmbh.de/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bd-8620-4b2e-8301-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:37.000Z",
|
|
"modified": "2017-09-11T09:30:37.000Z",
|
|
"pattern": "[domain-name:value = 'ht-gmbh.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657bd-f03c-45b9-902b-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:37.000Z",
|
|
"modified": "2017-09-11T09:30:37.000Z",
|
|
"first_observed": "2017-09-11T09:30:37Z",
|
|
"last_observed": "2017-09-11T09:30:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657bd-f03c-45b9-902b-a7d3950d210f",
|
|
"ipv4-addr--59b657bd-f03c-45b9-902b-a7d3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657bd-f03c-45b9-902b-a7d3950d210f",
|
|
"dst_ref": "ipv4-addr--59b657bd-f03c-45b9-902b-a7d3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657bd-f03c-45b9-902b-a7d3950d210f",
|
|
"value": "87.106.222.105"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bd-c5cc-4fe9-9add-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:37.000Z",
|
|
"modified": "2017-09-11T09:30:37.000Z",
|
|
"pattern": "[url:value = 'http://ichinose.de/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bd-7070-42c6-8c20-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:37.000Z",
|
|
"modified": "2017-09-11T09:30:37.000Z",
|
|
"pattern": "[domain-name:value = 'ichinose.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657be-4abc-4b35-91e1-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:38.000Z",
|
|
"modified": "2017-09-11T09:30:38.000Z",
|
|
"pattern": "[url:value = 'http://imblog.de/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657be-19a4-4450-8d8d-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:38.000Z",
|
|
"modified": "2017-09-11T09:30:38.000Z",
|
|
"pattern": "[domain-name:value = 'imblog.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657be-0c10-4709-9bd6-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:38.000Z",
|
|
"modified": "2017-09-11T09:30:38.000Z",
|
|
"first_observed": "2017-09-11T09:30:38Z",
|
|
"last_observed": "2017-09-11T09:30:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657be-0c10-4709-9bd6-abb2950d210f",
|
|
"ipv4-addr--59b657be-0c10-4709-9bd6-abb2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657be-0c10-4709-9bd6-abb2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657be-0c10-4709-9bd6-abb2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657be-0c10-4709-9bd6-abb2950d210f",
|
|
"value": "83.169.46.210"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657be-7d44-4ee7-9ab2-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:38.000Z",
|
|
"modified": "2017-09-11T09:30:38.000Z",
|
|
"pattern": "[url:value = 'http://inseasonfoods.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657be-dd1c-4c19-be90-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:38.000Z",
|
|
"modified": "2017-09-11T09:30:38.000Z",
|
|
"pattern": "[domain-name:value = 'inseasonfoods.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657bf-a034-4d2e-840f-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:39.000Z",
|
|
"modified": "2017-09-11T09:30:39.000Z",
|
|
"first_observed": "2017-09-11T09:30:39Z",
|
|
"last_observed": "2017-09-11T09:30:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657bf-a034-4d2e-840f-fd31950d210f",
|
|
"ipv4-addr--59b657bf-a034-4d2e-840f-fd31950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657bf-a034-4d2e-840f-fd31950d210f",
|
|
"dst_ref": "ipv4-addr--59b657bf-a034-4d2e-840f-fd31950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657bf-a034-4d2e-840f-fd31950d210f",
|
|
"value": "203.146.43.13"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bf-8204-4b61-a64e-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:39.000Z",
|
|
"modified": "2017-09-11T09:30:39.000Z",
|
|
"pattern": "[url:value = 'http://ipezuela.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657bf-c6f4-45f5-b208-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:39.000Z",
|
|
"modified": "2017-09-11T09:30:39.000Z",
|
|
"pattern": "[domain-name:value = 'ipezuela.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c0-d98c-46ba-9c2e-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:40.000Z",
|
|
"modified": "2017-09-11T09:30:40.000Z",
|
|
"first_observed": "2017-09-11T09:30:40Z",
|
|
"last_observed": "2017-09-11T09:30:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c0-d98c-46ba-9c2e-fc5a950d210f",
|
|
"ipv4-addr--59b657c0-d98c-46ba-9c2e-fc5a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c0-d98c-46ba-9c2e-fc5a950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c0-d98c-46ba-9c2e-fc5a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c0-d98c-46ba-9c2e-fc5a950d210f",
|
|
"value": "185.92.244.77"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c0-f504-4165-9e95-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:40.000Z",
|
|
"modified": "2017-09-11T09:30:40.000Z",
|
|
"pattern": "[url:value = 'http://itsmaterial.us/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c0-96a0-4298-83e2-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:40.000Z",
|
|
"modified": "2017-09-11T09:30:40.000Z",
|
|
"pattern": "[domain-name:value = 'itsmaterial.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c0-6534-49b6-be5e-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:40.000Z",
|
|
"modified": "2017-09-11T09:30:40.000Z",
|
|
"first_observed": "2017-09-11T09:30:40Z",
|
|
"last_observed": "2017-09-11T09:30:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c0-6534-49b6-be5e-fba2950d210f",
|
|
"ipv4-addr--59b657c0-6534-49b6-be5e-fba2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c0-6534-49b6-be5e-fba2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c0-6534-49b6-be5e-fba2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c0-6534-49b6-be5e-fba2950d210f",
|
|
"value": "98.124.252.176"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c1-b270-45a7-b5c1-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:41.000Z",
|
|
"modified": "2017-09-11T09:30:41.000Z",
|
|
"pattern": "[url:value = 'http://janmo.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c1-1d28-4460-a2a4-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:41.000Z",
|
|
"modified": "2017-09-11T09:30:41.000Z",
|
|
"pattern": "[domain-name:value = 'janmo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c1-914c-40e0-ab7e-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:41.000Z",
|
|
"modified": "2017-09-11T09:30:41.000Z",
|
|
"first_observed": "2017-09-11T09:30:41Z",
|
|
"last_observed": "2017-09-11T09:30:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c1-914c-40e0-ab7e-14d9950d210f",
|
|
"ipv4-addr--59b657c1-914c-40e0-ab7e-14d9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c1-914c-40e0-ab7e-14d9950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c1-914c-40e0-ab7e-14d9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c1-914c-40e0-ab7e-14d9950d210f",
|
|
"value": "91.102.64.151"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c1-b0a4-4569-9a60-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:41.000Z",
|
|
"modified": "2017-09-11T09:30:41.000Z",
|
|
"pattern": "[url:value = 'http://jeangurunlian.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c1-3ed8-4c9f-8d01-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:41.000Z",
|
|
"modified": "2017-09-11T09:30:41.000Z",
|
|
"pattern": "[domain-name:value = 'jeangurunlian.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c2-ec08-4fea-b9b6-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:42.000Z",
|
|
"modified": "2017-09-11T09:30:42.000Z",
|
|
"first_observed": "2017-09-11T09:30:42Z",
|
|
"last_observed": "2017-09-11T09:30:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c2-ec08-4fea-b9b6-fd30950d210f",
|
|
"ipv4-addr--59b657c2-ec08-4fea-b9b6-fd30950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c2-ec08-4fea-b9b6-fd30950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c2-ec08-4fea-b9b6-fd30950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c2-ec08-4fea-b9b6-fd30950d210f",
|
|
"value": "98.124.251.202"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c2-e010-46d9-8ada-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:42.000Z",
|
|
"modified": "2017-09-11T09:30:42.000Z",
|
|
"pattern": "[url:value = 'http://jozsabarnabas.hu/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c2-65ec-4926-807d-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:42.000Z",
|
|
"modified": "2017-09-11T09:30:42.000Z",
|
|
"pattern": "[domain-name:value = 'jozsabarnabas.hu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c2-3148-4c4b-9ea3-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:42.000Z",
|
|
"modified": "2017-09-11T09:30:42.000Z",
|
|
"first_observed": "2017-09-11T09:30:42Z",
|
|
"last_observed": "2017-09-11T09:30:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c2-3148-4c4b-9ea3-170a950d210f",
|
|
"ipv4-addr--59b657c2-3148-4c4b-9ea3-170a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c2-3148-4c4b-9ea3-170a950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c2-3148-4c4b-9ea3-170a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c2-3148-4c4b-9ea3-170a950d210f",
|
|
"value": "87.229.45.38"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c2-5d78-40c2-a06d-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:42.000Z",
|
|
"modified": "2017-09-11T09:30:42.000Z",
|
|
"pattern": "[url:value = 'http://kalorsystem.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c3-7b4c-429e-a7bc-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:43.000Z",
|
|
"modified": "2017-09-11T09:30:43.000Z",
|
|
"pattern": "[domain-name:value = 'kalorsystem.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c3-3e20-45cc-b60b-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:43.000Z",
|
|
"modified": "2017-09-11T09:30:43.000Z",
|
|
"first_observed": "2017-09-11T09:30:43Z",
|
|
"last_observed": "2017-09-11T09:30:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c3-3e20-45cc-b60b-abb2950d210f",
|
|
"ipv4-addr--59b657c3-3e20-45cc-b60b-abb2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c3-3e20-45cc-b60b-abb2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c3-3e20-45cc-b60b-abb2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c3-3e20-45cc-b60b-abb2950d210f",
|
|
"value": "95.110.231.145"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c3-9350-433c-8f85-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:43.000Z",
|
|
"modified": "2017-09-11T09:30:43.000Z",
|
|
"pattern": "[url:value = 'http://kedemcapital.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c3-794c-4ec8-aed2-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:43.000Z",
|
|
"modified": "2017-09-11T09:30:43.000Z",
|
|
"pattern": "[domain-name:value = 'kedemcapital.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c4-d0c4-41d7-8e77-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:44.000Z",
|
|
"modified": "2017-09-11T09:30:44.000Z",
|
|
"first_observed": "2017-09-11T09:30:44Z",
|
|
"last_observed": "2017-09-11T09:30:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c4-d0c4-41d7-8e77-fb96950d210f",
|
|
"ipv4-addr--59b657c4-d0c4-41d7-8e77-fb96950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c4-d0c4-41d7-8e77-fb96950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c4-d0c4-41d7-8e77-fb96950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c4-d0c4-41d7-8e77-fb96950d210f",
|
|
"value": "64.6.225.174"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c4-4748-4791-a420-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:44.000Z",
|
|
"modified": "2017-09-11T09:30:44.000Z",
|
|
"pattern": "[url:value = 'http://lacosturera.es/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c4-9c9c-424e-95c6-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:44.000Z",
|
|
"modified": "2017-09-11T09:30:44.000Z",
|
|
"pattern": "[domain-name:value = 'lacosturera.es']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c5-01f8-486e-a4a0-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:45.000Z",
|
|
"modified": "2017-09-11T09:30:45.000Z",
|
|
"pattern": "[url:value = 'http://leightonbrothers.co.uk/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c5-d578-44a3-bf84-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:45.000Z",
|
|
"modified": "2017-09-11T09:30:45.000Z",
|
|
"pattern": "[domain-name:value = 'leightonbrothers.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c5-612c-4701-a9b3-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:45.000Z",
|
|
"modified": "2017-09-11T09:30:45.000Z",
|
|
"first_observed": "2017-09-11T09:30:45Z",
|
|
"last_observed": "2017-09-11T09:30:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c5-612c-4701-a9b3-a4fe950d210f",
|
|
"ipv4-addr--59b657c5-612c-4701-a9b3-a4fe950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c5-612c-4701-a9b3-a4fe950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c5-612c-4701-a9b3-a4fe950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c5-612c-4701-a9b3-a4fe950d210f",
|
|
"value": "87.106.150.83"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c5-05e8-4801-863c-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:45.000Z",
|
|
"modified": "2017-09-11T09:30:45.000Z",
|
|
"pattern": "[url:value = 'http://lynchslandscaping.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c5-d1cc-4863-a6c0-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:45.000Z",
|
|
"modified": "2017-09-11T09:30:45.000Z",
|
|
"pattern": "[domain-name:value = 'lynchslandscaping.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c6-bb38-45a4-a501-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:46.000Z",
|
|
"modified": "2017-09-11T09:30:46.000Z",
|
|
"pattern": "[url:value = 'http://maerkergruppe.de/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c6-c9a0-4d99-b755-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:46.000Z",
|
|
"modified": "2017-09-11T09:30:46.000Z",
|
|
"pattern": "[domain-name:value = 'maerkergruppe.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c6-d6cc-4ba9-b26f-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:46.000Z",
|
|
"modified": "2017-09-11T09:30:46.000Z",
|
|
"first_observed": "2017-09-11T09:30:46Z",
|
|
"last_observed": "2017-09-11T09:30:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c6-d6cc-4ba9-b26f-fc5a950d210f",
|
|
"ipv4-addr--59b657c6-d6cc-4ba9-b26f-fc5a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c6-d6cc-4ba9-b26f-fc5a950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c6-d6cc-4ba9-b26f-fc5a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c6-d6cc-4ba9-b26f-fc5a950d210f",
|
|
"value": "213.165.91.38"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c7-6cb8-40e7-a569-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:47.000Z",
|
|
"modified": "2017-09-11T09:30:47.000Z",
|
|
"pattern": "[url:value = 'http://malvapraha.cz/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c7-fee0-4f15-a136-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:47.000Z",
|
|
"modified": "2017-09-11T09:30:47.000Z",
|
|
"pattern": "[domain-name:value = 'malvapraha.cz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c7-3dd8-4f79-8c69-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:47.000Z",
|
|
"modified": "2017-09-11T09:30:47.000Z",
|
|
"first_observed": "2017-09-11T09:30:47Z",
|
|
"last_observed": "2017-09-11T09:30:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c7-3dd8-4f79-8c69-0a3e950d210f",
|
|
"ipv4-addr--59b657c7-3dd8-4f79-8c69-0a3e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c7-3dd8-4f79-8c69-0a3e950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c7-3dd8-4f79-8c69-0a3e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c7-3dd8-4f79-8c69-0a3e950d210f",
|
|
"value": "78.24.8.144"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c7-b7d4-4a71-b73b-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:47.000Z",
|
|
"modified": "2017-09-11T09:30:47.000Z",
|
|
"pattern": "[url:value = 'http://ma-patents.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c7-e264-42ce-a6d1-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:47.000Z",
|
|
"modified": "2017-09-11T09:30:47.000Z",
|
|
"pattern": "[domain-name:value = 'ma-patents.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c8-0924-4614-997a-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:48.000Z",
|
|
"modified": "2017-09-11T09:30:48.000Z",
|
|
"first_observed": "2017-09-11T09:30:48Z",
|
|
"last_observed": "2017-09-11T09:30:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c8-0924-4614-997a-fba2950d210f",
|
|
"ipv4-addr--59b657c8-0924-4614-997a-fba2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c8-0924-4614-997a-fba2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c8-0924-4614-997a-fba2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c8-0924-4614-997a-fba2950d210f",
|
|
"value": "91.142.211.175"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c8-2eac-4124-904e-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:48.000Z",
|
|
"modified": "2017-09-11T09:30:48.000Z",
|
|
"pattern": "[url:value = 'http://masjardin.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c8-d3bc-4e46-a504-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:48.000Z",
|
|
"modified": "2017-09-11T09:30:48.000Z",
|
|
"pattern": "[domain-name:value = 'masjardin.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657c9-21b0-433a-b250-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:49.000Z",
|
|
"modified": "2017-09-11T09:30:49.000Z",
|
|
"first_observed": "2017-09-11T09:30:49Z",
|
|
"last_observed": "2017-09-11T09:30:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657c9-21b0-433a-b250-0a3c950d210f",
|
|
"ipv4-addr--59b657c9-21b0-433a-b250-0a3c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657c9-21b0-433a-b250-0a3c950d210f",
|
|
"dst_ref": "ipv4-addr--59b657c9-21b0-433a-b250-0a3c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657c9-21b0-433a-b250-0a3c950d210f",
|
|
"value": "86.109.170.66"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c9-5f14-4ba9-9c56-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:49.000Z",
|
|
"modified": "2017-09-11T09:30:49.000Z",
|
|
"pattern": "[url:value = 'http://maurocesari.it/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657c9-9d58-4f6c-92ce-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:49.000Z",
|
|
"modified": "2017-09-11T09:30:49.000Z",
|
|
"pattern": "[domain-name:value = 'maurocesari.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ca-5b28-47cb-a490-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:50.000Z",
|
|
"modified": "2017-09-11T09:30:50.000Z",
|
|
"first_observed": "2017-09-11T09:30:50Z",
|
|
"last_observed": "2017-09-11T09:30:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ca-5b28-47cb-a490-fd30950d210f",
|
|
"ipv4-addr--59b657ca-5b28-47cb-a490-fd30950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ca-5b28-47cb-a490-fd30950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ca-5b28-47cb-a490-fd30950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ca-5b28-47cb-a490-fd30950d210f",
|
|
"value": "66.71.182.143"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ca-df04-48aa-a8a6-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:50.000Z",
|
|
"modified": "2017-09-11T09:30:50.000Z",
|
|
"pattern": "[url:value = 'http://miguelangeltrabado.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ca-92a0-447a-b8c5-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:50.000Z",
|
|
"modified": "2017-09-11T09:30:50.000Z",
|
|
"pattern": "[domain-name:value = 'miguelangeltrabado.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ca-bddc-446a-acc1-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:50.000Z",
|
|
"modified": "2017-09-11T09:30:50.000Z",
|
|
"first_observed": "2017-09-11T09:30:50Z",
|
|
"last_observed": "2017-09-11T09:30:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ca-bddc-446a-acc1-170a950d210f",
|
|
"ipv4-addr--59b657ca-bddc-446a-acc1-170a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ca-bddc-446a-acc1-170a950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ca-bddc-446a-acc1-170a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ca-bddc-446a-acc1-170a950d210f",
|
|
"value": "91.142.215.51"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ca-da10-4be4-bd5f-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:50.000Z",
|
|
"modified": "2017-09-11T09:30:50.000Z",
|
|
"pattern": "[url:value = 'http://missiegeslaagd.nl/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cb-f018-4e6e-a1bc-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:51.000Z",
|
|
"modified": "2017-09-11T09:30:51.000Z",
|
|
"pattern": "[domain-name:value = 'missiegeslaagd.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657cb-63b0-4b46-8d94-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:51.000Z",
|
|
"modified": "2017-09-11T09:30:51.000Z",
|
|
"first_observed": "2017-09-11T09:30:51Z",
|
|
"last_observed": "2017-09-11T09:30:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657cb-63b0-4b46-8d94-faa1950d210f",
|
|
"ipv4-addr--59b657cb-63b0-4b46-8d94-faa1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657cb-63b0-4b46-8d94-faa1950d210f",
|
|
"dst_ref": "ipv4-addr--59b657cb-63b0-4b46-8d94-faa1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657cb-63b0-4b46-8d94-faa1950d210f",
|
|
"value": "46.235.44.98"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cb-cf9c-4c00-b253-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:51.000Z",
|
|
"modified": "2017-09-11T09:30:51.000Z",
|
|
"pattern": "[url:value = 'http://motifahsap.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cb-cfc0-4407-a8b5-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:51.000Z",
|
|
"modified": "2017-09-11T09:30:51.000Z",
|
|
"pattern": "[domain-name:value = 'motifahsap.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657cc-59f4-4957-bf4c-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:52.000Z",
|
|
"modified": "2017-09-11T09:30:52.000Z",
|
|
"first_observed": "2017-09-11T09:30:52Z",
|
|
"last_observed": "2017-09-11T09:30:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657cc-59f4-4957-bf4c-1684950d210f",
|
|
"ipv4-addr--59b657cc-59f4-4957-bf4c-1684950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657cc-59f4-4957-bf4c-1684950d210f",
|
|
"dst_ref": "ipv4-addr--59b657cc-59f4-4957-bf4c-1684950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657cc-59f4-4957-bf4c-1684950d210f",
|
|
"value": "188.132.180.113"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cc-52f4-4bb2-9716-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:52.000Z",
|
|
"modified": "2017-09-11T09:30:52.000Z",
|
|
"pattern": "[url:value = 'http://murugan.net/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cc-9e48-431d-b775-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:52.000Z",
|
|
"modified": "2017-09-11T09:30:52.000Z",
|
|
"pattern": "[domain-name:value = 'murugan.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657cd-2790-402f-a0fa-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:53.000Z",
|
|
"modified": "2017-09-11T09:30:53.000Z",
|
|
"first_observed": "2017-09-11T09:30:53Z",
|
|
"last_observed": "2017-09-11T09:30:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657cd-2790-402f-a0fa-fb96950d210f",
|
|
"ipv4-addr--59b657cd-2790-402f-a0fa-fb96950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657cd-2790-402f-a0fa-fb96950d210f",
|
|
"dst_ref": "ipv4-addr--59b657cd-2790-402f-a0fa-fb96950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657cd-2790-402f-a0fa-fb96950d210f",
|
|
"value": "184.168.92.220"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cd-99e0-42a7-8455-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:53.000Z",
|
|
"modified": "2017-09-11T09:30:53.000Z",
|
|
"pattern": "[url:value = 'http://nekkeveldecoplus.nl/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cd-be84-4d93-b131-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:53.000Z",
|
|
"modified": "2017-09-11T09:30:53.000Z",
|
|
"pattern": "[domain-name:value = 'nekkeveldecoplus.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cd-9aa4-4a6c-82b1-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:53.000Z",
|
|
"modified": "2017-09-11T09:30:53.000Z",
|
|
"pattern": "[url:value = 'http://noivolontari.it/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ce-5e88-4104-952b-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:54.000Z",
|
|
"modified": "2017-09-11T09:30:54.000Z",
|
|
"pattern": "[domain-name:value = 'noivolontari.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ce-dca0-4b1e-aef6-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:54.000Z",
|
|
"modified": "2017-09-11T09:30:54.000Z",
|
|
"first_observed": "2017-09-11T09:30:54Z",
|
|
"last_observed": "2017-09-11T09:30:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ce-dca0-4b1e-aef6-faa1950d210f",
|
|
"ipv4-addr--59b657ce-dca0-4b1e-aef6-faa1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ce-dca0-4b1e-aef6-faa1950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ce-dca0-4b1e-aef6-faa1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ce-dca0-4b1e-aef6-faa1950d210f",
|
|
"value": "217.73.227.30"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ce-e5dc-4f4e-a030-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:54.000Z",
|
|
"modified": "2017-09-11T09:30:54.000Z",
|
|
"pattern": "[url:value = 'http://norsky.pt/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ce-9434-4c43-9e30-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:54.000Z",
|
|
"modified": "2017-09-11T09:30:54.000Z",
|
|
"pattern": "[domain-name:value = 'norsky.pt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657cf-4548-4d31-bd0c-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:55.000Z",
|
|
"modified": "2017-09-11T09:30:55.000Z",
|
|
"first_observed": "2017-09-11T09:30:55Z",
|
|
"last_observed": "2017-09-11T09:30:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657cf-4548-4d31-bd0c-a4fe950d210f",
|
|
"ipv4-addr--59b657cf-4548-4d31-bd0c-a4fe950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657cf-4548-4d31-bd0c-a4fe950d210f",
|
|
"dst_ref": "ipv4-addr--59b657cf-4548-4d31-bd0c-a4fe950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657cf-4548-4d31-bd0c-a4fe950d210f",
|
|
"value": "109.71.42.24"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cf-199c-4e24-b70c-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:55.000Z",
|
|
"modified": "2017-09-11T09:30:55.000Z",
|
|
"pattern": "[url:value = 'http://olhoeftfinancial.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657cf-68d8-46f1-8b3c-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:55.000Z",
|
|
"modified": "2017-09-11T09:30:55.000Z",
|
|
"pattern": "[domain-name:value = 'olhoeftfinancial.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657cf-d9e4-47f9-9aa0-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:55.000Z",
|
|
"modified": "2017-09-11T09:30:55.000Z",
|
|
"first_observed": "2017-09-11T09:30:55Z",
|
|
"last_observed": "2017-09-11T09:30:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657cf-d9e4-47f9-9aa0-fb96950d210f",
|
|
"ipv4-addr--59b657cf-d9e4-47f9-9aa0-fb96950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657cf-d9e4-47f9-9aa0-fb96950d210f",
|
|
"dst_ref": "ipv4-addr--59b657cf-d9e4-47f9-9aa0-fb96950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657cf-d9e4-47f9-9aa0-fb96950d210f",
|
|
"value": "68.171.36.69"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d0-1380-49b4-99bd-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:56.000Z",
|
|
"modified": "2017-09-11T09:30:56.000Z",
|
|
"pattern": "[url:value = 'http://oscarbuitron.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d0-5aa0-444a-ac74-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:56.000Z",
|
|
"modified": "2017-09-11T09:30:56.000Z",
|
|
"pattern": "[domain-name:value = 'oscarbuitron.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657d0-77fc-4206-a721-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:56.000Z",
|
|
"modified": "2017-09-11T09:30:56.000Z",
|
|
"first_observed": "2017-09-11T09:30:56Z",
|
|
"last_observed": "2017-09-11T09:30:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657d0-77fc-4206-a721-14d9950d210f",
|
|
"ipv4-addr--59b657d0-77fc-4206-a721-14d9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657d0-77fc-4206-a721-14d9950d210f",
|
|
"dst_ref": "ipv4-addr--59b657d0-77fc-4206-a721-14d9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657d0-77fc-4206-a721-14d9950d210f",
|
|
"value": "65.44.220.57"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d1-4068-45ad-9015-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:57.000Z",
|
|
"modified": "2017-09-11T09:30:57.000Z",
|
|
"pattern": "[url:value = 'http://pagosdelrey.mobi/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d1-4ae0-4864-ad1f-1285950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:57.000Z",
|
|
"modified": "2017-09-11T09:30:57.000Z",
|
|
"pattern": "[domain-name:value = 'pagosdelrey.mobi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657d1-aa6c-4259-a85d-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:57.000Z",
|
|
"modified": "2017-09-11T09:30:57.000Z",
|
|
"first_observed": "2017-09-11T09:30:57Z",
|
|
"last_observed": "2017-09-11T09:30:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657d1-aa6c-4259-a85d-faa1950d210f",
|
|
"ipv4-addr--59b657d1-aa6c-4259-a85d-faa1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657d1-aa6c-4259-a85d-faa1950d210f",
|
|
"dst_ref": "ipv4-addr--59b657d1-aa6c-4259-a85d-faa1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657d1-aa6c-4259-a85d-faa1950d210f",
|
|
"value": "5.2.27.27"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d2-e468-42cb-ac56-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:58.000Z",
|
|
"modified": "2017-09-11T09:30:58.000Z",
|
|
"pattern": "[url:value = 'http://parsonsandnichols.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d2-7a8c-4c7b-b4af-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:58.000Z",
|
|
"modified": "2017-09-11T09:30:58.000Z",
|
|
"pattern": "[domain-name:value = 'parsonsandnichols.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d2-0d0c-4548-8ef8-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:58.000Z",
|
|
"modified": "2017-09-11T09:30:58.000Z",
|
|
"pattern": "[url:value = 'http://pki.jwo.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d3-babc-4ab5-b627-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:59.000Z",
|
|
"modified": "2017-09-11T09:30:59.000Z",
|
|
"pattern": "[domain-name:value = 'pki.jwo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657d3-29e0-4d1c-9e1a-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:59.000Z",
|
|
"modified": "2017-09-11T09:30:59.000Z",
|
|
"first_observed": "2017-09-11T09:30:59Z",
|
|
"last_observed": "2017-09-11T09:30:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657d3-29e0-4d1c-9e1a-fb96950d210f",
|
|
"ipv4-addr--59b657d3-29e0-4d1c-9e1a-fb96950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657d3-29e0-4d1c-9e1a-fb96950d210f",
|
|
"dst_ref": "ipv4-addr--59b657d3-29e0-4d1c-9e1a-fb96950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657d3-29e0-4d1c-9e1a-fb96950d210f",
|
|
"value": "81.169.241.228"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d3-b410-4c68-945c-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:59.000Z",
|
|
"modified": "2017-09-11T09:30:59.000Z",
|
|
"pattern": "[url:value = 'http://profigera.pt/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d3-a73c-42e3-801c-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:30:59.000Z",
|
|
"modified": "2017-09-11T09:30:59.000Z",
|
|
"pattern": "[domain-name:value = 'profigera.pt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:30:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d4-6ed4-4817-a7f2-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:00.000Z",
|
|
"modified": "2017-09-11T09:31:00.000Z",
|
|
"pattern": "[url:value = 'http://qigongclub.org/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d4-fbf8-4ce9-95a0-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:00.000Z",
|
|
"modified": "2017-09-11T09:31:00.000Z",
|
|
"pattern": "[domain-name:value = 'qigongclub.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d4-d064-44e3-ac59-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:00.000Z",
|
|
"modified": "2017-09-11T09:31:00.000Z",
|
|
"pattern": "[url:value = 'http://redriverfiddlers.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d4-b8d4-4ff3-8deb-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:00.000Z",
|
|
"modified": "2017-09-11T09:31:00.000Z",
|
|
"pattern": "[domain-name:value = 'redriverfiddlers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657d5-9608-4c94-bedf-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:01.000Z",
|
|
"modified": "2017-09-11T09:31:01.000Z",
|
|
"first_observed": "2017-09-11T09:31:01Z",
|
|
"last_observed": "2017-09-11T09:31:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657d5-9608-4c94-bedf-a4fe950d210f",
|
|
"ipv4-addr--59b657d5-9608-4c94-bedf-a4fe950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657d5-9608-4c94-bedf-a4fe950d210f",
|
|
"dst_ref": "ipv4-addr--59b657d5-9608-4c94-bedf-a4fe950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657d5-9608-4c94-bedf-a4fe950d210f",
|
|
"value": "216.53.144.11"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d5-f494-4408-a847-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:01.000Z",
|
|
"modified": "2017-09-11T09:31:01.000Z",
|
|
"pattern": "[url:value = 'http://reliablemailservice.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d5-6660-4aef-9cb8-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:01.000Z",
|
|
"modified": "2017-09-11T09:31:01.000Z",
|
|
"pattern": "[domain-name:value = 'reliablemailservice.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657d6-8990-4435-8e28-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:02.000Z",
|
|
"modified": "2017-09-11T09:31:02.000Z",
|
|
"first_observed": "2017-09-11T09:31:02Z",
|
|
"last_observed": "2017-09-11T09:31:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657d6-8990-4435-8e28-a7d3950d210f",
|
|
"ipv4-addr--59b657d6-8990-4435-8e28-a7d3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657d6-8990-4435-8e28-a7d3950d210f",
|
|
"dst_ref": "ipv4-addr--59b657d6-8990-4435-8e28-a7d3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657d6-8990-4435-8e28-a7d3950d210f",
|
|
"value": "216.86.33.3"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d6-ce40-41cf-883a-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:02.000Z",
|
|
"modified": "2017-09-11T09:31:02.000Z",
|
|
"pattern": "[url:value = 'http://rlacreative.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d6-8214-49d3-8d42-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:02.000Z",
|
|
"modified": "2017-09-11T09:31:02.000Z",
|
|
"pattern": "[domain-name:value = 'rlacreative.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d7-85f0-45b7-8c86-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:03.000Z",
|
|
"modified": "2017-09-11T09:31:03.000Z",
|
|
"pattern": "[url:value = 'http://rmrcreative.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d8-79e0-4f1c-8735-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:03.000Z",
|
|
"modified": "2017-09-11T09:31:03.000Z",
|
|
"pattern": "[domain-name:value = 'rmrcreative.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657d8-6874-4858-b83c-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:04.000Z",
|
|
"modified": "2017-09-11T09:31:04.000Z",
|
|
"first_observed": "2017-09-11T09:31:04Z",
|
|
"last_observed": "2017-09-11T09:31:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657d8-6874-4858-b83c-0a3c950d210f",
|
|
"ipv4-addr--59b657d8-6874-4858-b83c-0a3c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657d8-6874-4858-b83c-0a3c950d210f",
|
|
"dst_ref": "ipv4-addr--59b657d8-6874-4858-b83c-0a3c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657d8-6874-4858-b83c-0a3c950d210f",
|
|
"value": "217.160.224.14"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d8-d11c-45eb-984c-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:04.000Z",
|
|
"modified": "2017-09-11T09:31:04.000Z",
|
|
"pattern": "[url:value = 'http://roadsideassistance.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d8-c11c-475e-aa4b-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:04.000Z",
|
|
"modified": "2017-09-11T09:31:04.000Z",
|
|
"pattern": "[domain-name:value = 'roadsideassistance.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657d9-e998-4399-a7f7-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:05.000Z",
|
|
"modified": "2017-09-11T09:31:05.000Z",
|
|
"first_observed": "2017-09-11T09:31:05Z",
|
|
"last_observed": "2017-09-11T09:31:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657d9-e998-4399-a7f7-0a3e950d210f",
|
|
"ipv4-addr--59b657d9-e998-4399-a7f7-0a3e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657d9-e998-4399-a7f7-0a3e950d210f",
|
|
"dst_ref": "ipv4-addr--59b657d9-e998-4399-a7f7-0a3e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657d9-e998-4399-a7f7-0a3e950d210f",
|
|
"value": "98.124.199.19"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d9-bf58-4f67-98fd-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:05.000Z",
|
|
"modified": "2017-09-11T09:31:05.000Z",
|
|
"pattern": "[url:value = 'http://runkel.com.mx/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657d9-38ec-4970-b933-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:05.000Z",
|
|
"modified": "2017-09-11T09:31:05.000Z",
|
|
"pattern": "[domain-name:value = 'runkel.com.mx']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657db-91e0-4f07-a836-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:07.000Z",
|
|
"modified": "2017-09-11T09:31:07.000Z",
|
|
"first_observed": "2017-09-11T09:31:07Z",
|
|
"last_observed": "2017-09-11T09:31:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657db-91e0-4f07-a836-fba2950d210f",
|
|
"ipv4-addr--59b657db-91e0-4f07-a836-fba2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657db-91e0-4f07-a836-fba2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657db-91e0-4f07-a836-fba2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657db-91e0-4f07-a836-fba2950d210f",
|
|
"value": "173.201.253.230"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657db-b64c-4bb5-8b63-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:07.000Z",
|
|
"modified": "2017-09-11T09:31:07.000Z",
|
|
"pattern": "[url:value = 'http://ryanbaptistchurch.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657db-6cf8-46f5-a3b3-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:07.000Z",
|
|
"modified": "2017-09-11T09:31:07.000Z",
|
|
"pattern": "[domain-name:value = 'ryanbaptistchurch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657dc-a5c0-4487-8b58-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:08.000Z",
|
|
"modified": "2017-09-11T09:31:08.000Z",
|
|
"first_observed": "2017-09-11T09:31:08Z",
|
|
"last_observed": "2017-09-11T09:31:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657dc-a5c0-4487-8b58-0a3c950d210f",
|
|
"ipv4-addr--59b657dc-a5c0-4487-8b58-0a3c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657dc-a5c0-4487-8b58-0a3c950d210f",
|
|
"dst_ref": "ipv4-addr--59b657dc-a5c0-4487-8b58-0a3c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657dc-a5c0-4487-8b58-0a3c950d210f",
|
|
"value": "66.36.173.246"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657dc-6664-4168-9eba-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:08.000Z",
|
|
"modified": "2017-09-11T09:31:08.000Z",
|
|
"pattern": "[url:value = 'http://scottborthwick.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657dc-8250-46e9-8d55-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:08.000Z",
|
|
"modified": "2017-09-11T09:31:08.000Z",
|
|
"pattern": "[domain-name:value = 'scottborthwick.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657dd-1854-45d6-b600-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:09.000Z",
|
|
"modified": "2017-09-11T09:31:09.000Z",
|
|
"first_observed": "2017-09-11T09:31:09Z",
|
|
"last_observed": "2017-09-11T09:31:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657dd-1854-45d6-b600-0a3e950d210f",
|
|
"ipv4-addr--59b657dd-1854-45d6-b600-0a3e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657dd-1854-45d6-b600-0a3e950d210f",
|
|
"dst_ref": "ipv4-addr--59b657dd-1854-45d6-b600-0a3e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657dd-1854-45d6-b600-0a3e950d210f",
|
|
"value": "64.6.227.48"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657dd-d654-4a97-a719-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:09.000Z",
|
|
"modified": "2017-09-11T09:31:09.000Z",
|
|
"pattern": "[url:value = 'http://sgtenterprises.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657dd-00ac-4309-bed9-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:09.000Z",
|
|
"modified": "2017-09-11T09:31:09.000Z",
|
|
"pattern": "[domain-name:value = 'sgtenterprises.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657de-8aac-4b24-ac0a-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:10.000Z",
|
|
"modified": "2017-09-11T09:31:10.000Z",
|
|
"first_observed": "2017-09-11T09:31:10Z",
|
|
"last_observed": "2017-09-11T09:31:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657de-8aac-4b24-ac0a-a7f8950d210f",
|
|
"ipv4-addr--59b657de-8aac-4b24-ac0a-a7f8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657de-8aac-4b24-ac0a-a7f8950d210f",
|
|
"dst_ref": "ipv4-addr--59b657de-8aac-4b24-ac0a-a7f8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657de-8aac-4b24-ac0a-a7f8950d210f",
|
|
"value": "66.36.163.197"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657de-0708-4fd0-bfac-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:10.000Z",
|
|
"modified": "2017-09-11T09:31:10.000Z",
|
|
"pattern": "[url:value = 'http://signlight.com.au/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657de-22fc-4f07-94dc-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:10.000Z",
|
|
"modified": "2017-09-11T09:31:10.000Z",
|
|
"pattern": "[domain-name:value = 'signlight.com.au']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657de-142c-45af-a003-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:10.000Z",
|
|
"modified": "2017-09-11T09:31:10.000Z",
|
|
"first_observed": "2017-09-11T09:31:10Z",
|
|
"last_observed": "2017-09-11T09:31:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657de-142c-45af-a003-fc77950d210f",
|
|
"ipv4-addr--59b657de-142c-45af-a003-fc77950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657de-142c-45af-a003-fc77950d210f",
|
|
"dst_ref": "ipv4-addr--59b657de-142c-45af-a003-fc77950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657de-142c-45af-a003-fc77950d210f",
|
|
"value": "203.17.73.160"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657df-6ee4-4dc8-810f-1285950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:11.000Z",
|
|
"modified": "2017-09-11T09:31:11.000Z",
|
|
"pattern": "[url:value = 'http://simonline.nl/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657df-a134-4f8a-8156-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:11.000Z",
|
|
"modified": "2017-09-11T09:31:11.000Z",
|
|
"pattern": "[domain-name:value = 'simonline.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657df-852c-4c04-b363-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:11.000Z",
|
|
"modified": "2017-09-11T09:31:11.000Z",
|
|
"first_observed": "2017-09-11T09:31:11Z",
|
|
"last_observed": "2017-09-11T09:31:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657df-852c-4c04-b363-a587950d210f",
|
|
"ipv4-addr--59b657df-852c-4c04-b363-a587950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657df-852c-4c04-b363-a587950d210f",
|
|
"dst_ref": "ipv4-addr--59b657df-852c-4c04-b363-a587950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657df-852c-4c04-b363-a587950d210f",
|
|
"value": "46.235.44.91"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657df-5f0c-4070-8212-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:11.000Z",
|
|
"modified": "2017-09-11T09:31:11.000Z",
|
|
"pattern": "[url:value = 'http://starliteskate-salina.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e0-9f14-4bd8-accc-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:12.000Z",
|
|
"modified": "2017-09-11T09:31:12.000Z",
|
|
"pattern": "[domain-name:value = 'starliteskate-salina.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e0-4294-4863-b44b-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:12.000Z",
|
|
"modified": "2017-09-11T09:31:12.000Z",
|
|
"first_observed": "2017-09-11T09:31:12Z",
|
|
"last_observed": "2017-09-11T09:31:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e0-4294-4863-b44b-a7f8950d210f",
|
|
"ipv4-addr--59b657e0-4294-4863-b44b-a7f8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e0-4294-4863-b44b-a7f8950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e0-4294-4863-b44b-a7f8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e0-4294-4863-b44b-a7f8950d210f",
|
|
"value": "68.171.34.165"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e0-fe00-476b-a795-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:12.000Z",
|
|
"modified": "2017-09-11T09:31:12.000Z",
|
|
"pattern": "[url:value = 'http://starliteskate-salina.com/fax.html=']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e1-aec4-4348-ac92-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:13.000Z",
|
|
"modified": "2017-09-11T09:31:13.000Z",
|
|
"pattern": "[url:value = 'http://staywithorchid.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e1-995c-4a1e-8f91-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:13.000Z",
|
|
"modified": "2017-09-11T09:31:13.000Z",
|
|
"pattern": "[domain-name:value = 'staywithorchid.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e2-7ea0-46bd-841a-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:14.000Z",
|
|
"modified": "2017-09-11T09:31:14.000Z",
|
|
"first_observed": "2017-09-11T09:31:14Z",
|
|
"last_observed": "2017-09-11T09:31:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e2-7ea0-46bd-841a-fd31950d210f",
|
|
"ipv4-addr--59b657e2-7ea0-46bd-841a-fd31950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e2-7ea0-46bd-841a-fd31950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e2-7ea0-46bd-841a-fd31950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e2-7ea0-46bd-841a-fd31950d210f",
|
|
"value": "49.236.200.215"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e2-2808-45a4-b136-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:14.000Z",
|
|
"modified": "2017-09-11T09:31:14.000Z",
|
|
"pattern": "[url:value = 'http://stuzdesign.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e2-4654-4bd6-be86-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:14.000Z",
|
|
"modified": "2017-09-11T09:31:14.000Z",
|
|
"pattern": "[domain-name:value = 'stuzdesign.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e3-9828-4e3e-ba39-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:15.000Z",
|
|
"modified": "2017-09-11T09:31:15.000Z",
|
|
"pattern": "[url:value = 'http://sunny-voices.de/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e3-9698-442c-95ec-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:15.000Z",
|
|
"modified": "2017-09-11T09:31:15.000Z",
|
|
"pattern": "[domain-name:value = 'sunny-voices.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e3-bce8-4ba7-8857-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:15.000Z",
|
|
"modified": "2017-09-11T09:31:15.000Z",
|
|
"first_observed": "2017-09-11T09:31:15Z",
|
|
"last_observed": "2017-09-11T09:31:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e3-bce8-4ba7-8857-a587950d210f",
|
|
"ipv4-addr--59b657e3-bce8-4ba7-8857-a587950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e3-bce8-4ba7-8857-a587950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e3-bce8-4ba7-8857-a587950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e3-bce8-4ba7-8857-a587950d210f",
|
|
"value": "213.185.88.60"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e4-5608-45f5-aa9f-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:16.000Z",
|
|
"modified": "2017-09-11T09:31:16.000Z",
|
|
"pattern": "[url:value = 'http://team-bobcat.org/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e4-a12c-47d3-b922-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:16.000Z",
|
|
"modified": "2017-09-11T09:31:16.000Z",
|
|
"pattern": "[domain-name:value = 'team-bobcat.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e4-bf74-4e58-ae45-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:16.000Z",
|
|
"modified": "2017-09-11T09:31:16.000Z",
|
|
"first_observed": "2017-09-11T09:31:16Z",
|
|
"last_observed": "2017-09-11T09:31:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e4-bf74-4e58-ae45-fd31950d210f",
|
|
"ipv4-addr--59b657e4-bf74-4e58-ae45-fd31950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e4-bf74-4e58-ae45-fd31950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e4-bf74-4e58-ae45-fd31950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e4-bf74-4e58-ae45-fd31950d210f",
|
|
"value": "212.224.65.254"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e4-be44-492a-8278-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:16.000Z",
|
|
"modified": "2017-09-11T09:31:16.000Z",
|
|
"pattern": "[url:value = 'http://theceocforeporter.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e4-6c14-4ca6-aeac-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:16.000Z",
|
|
"modified": "2017-09-11T09:31:16.000Z",
|
|
"pattern": "[domain-name:value = 'theceocforeporter.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e5-46e8-4e42-b4a9-1285950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:17.000Z",
|
|
"modified": "2017-09-11T09:31:17.000Z",
|
|
"first_observed": "2017-09-11T09:31:17Z",
|
|
"last_observed": "2017-09-11T09:31:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e5-46e8-4e42-b4a9-1285950d210f",
|
|
"ipv4-addr--59b657e5-46e8-4e42-b4a9-1285950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e5-46e8-4e42-b4a9-1285950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e5-46e8-4e42-b4a9-1285950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e5-46e8-4e42-b4a9-1285950d210f",
|
|
"value": "98.124.251.69"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e5-7f38-4f64-8faf-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:17.000Z",
|
|
"modified": "2017-09-11T09:31:17.000Z",
|
|
"pattern": "[url:value = 'http://themaninroom306.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e5-6bcc-41ee-b871-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:17.000Z",
|
|
"modified": "2017-09-11T09:31:17.000Z",
|
|
"pattern": "[domain-name:value = 'themaninroom306.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e6-fdac-4cad-80b5-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:18.000Z",
|
|
"modified": "2017-09-11T09:31:18.000Z",
|
|
"first_observed": "2017-09-11T09:31:18Z",
|
|
"last_observed": "2017-09-11T09:31:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e6-fdac-4cad-80b5-14d9950d210f",
|
|
"ipv4-addr--59b657e6-fdac-4cad-80b5-14d9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e6-fdac-4cad-80b5-14d9950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e6-fdac-4cad-80b5-14d9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e6-fdac-4cad-80b5-14d9950d210f",
|
|
"value": "208.79.200.232"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e6-d7e4-4bf5-8a39-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:18.000Z",
|
|
"modified": "2017-09-11T09:31:18.000Z",
|
|
"pattern": "[url:value = 'http://toldoslidia.es/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e6-b400-43cc-bafa-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:18.000Z",
|
|
"modified": "2017-09-11T09:31:18.000Z",
|
|
"pattern": "[domain-name:value = 'toldoslidia.es']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e6-b510-4d82-8454-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:18.000Z",
|
|
"modified": "2017-09-11T09:31:18.000Z",
|
|
"first_observed": "2017-09-11T09:31:18Z",
|
|
"last_observed": "2017-09-11T09:31:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e6-b510-4d82-8454-a4fe950d210f",
|
|
"ipv4-addr--59b657e6-b510-4d82-8454-a4fe950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e6-b510-4d82-8454-a4fe950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e6-b510-4d82-8454-a4fe950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e6-b510-4d82-8454-a4fe950d210f",
|
|
"value": "188.165.216.173"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e7-18b0-4903-8de2-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:19.000Z",
|
|
"modified": "2017-09-11T09:31:19.000Z",
|
|
"pattern": "[url:value = 'http://vdbroeck.be/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e7-5a38-404f-87fb-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:19.000Z",
|
|
"modified": "2017-09-11T09:31:19.000Z",
|
|
"pattern": "[domain-name:value = 'vdbroeck.be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e7-f130-4c88-a224-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:19.000Z",
|
|
"modified": "2017-09-11T09:31:19.000Z",
|
|
"first_observed": "2017-09-11T09:31:19Z",
|
|
"last_observed": "2017-09-11T09:31:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e7-f130-4c88-a224-fd31950d210f",
|
|
"ipv4-addr--59b657e7-f130-4c88-a224-fd31950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e7-f130-4c88-a224-fd31950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e7-f130-4c88-a224-fd31950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e7-f130-4c88-a224-fd31950d210f",
|
|
"value": "91.220.154.76"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e7-5ba0-4c4e-8e83-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:19.000Z",
|
|
"modified": "2017-09-11T09:31:19.000Z",
|
|
"pattern": "[url:value = 'http://vincent-farben.de/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e7-f724-4293-b69f-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:19.000Z",
|
|
"modified": "2017-09-11T09:31:19.000Z",
|
|
"pattern": "[domain-name:value = 'vincent-farben.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e8-3968-4370-803a-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:20.000Z",
|
|
"modified": "2017-09-11T09:31:20.000Z",
|
|
"pattern": "[url:value = 'http://vtt-maroc.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e8-bd54-4305-a9dc-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:20.000Z",
|
|
"modified": "2017-09-11T09:31:20.000Z",
|
|
"pattern": "[domain-name:value = 'vtt-maroc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657e8-0508-46ea-9d68-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:20.000Z",
|
|
"modified": "2017-09-11T09:31:20.000Z",
|
|
"first_observed": "2017-09-11T09:31:20Z",
|
|
"last_observed": "2017-09-11T09:31:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657e8-0508-46ea-9d68-1684950d210f",
|
|
"ipv4-addr--59b657e8-0508-46ea-9d68-1684950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657e8-0508-46ea-9d68-1684950d210f",
|
|
"dst_ref": "ipv4-addr--59b657e8-0508-46ea-9d68-1684950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657e8-0508-46ea-9d68-1684950d210f",
|
|
"value": "204.93.248.51"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e9-b86c-4d67-8e92-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:21.000Z",
|
|
"modified": "2017-09-11T09:31:21.000Z",
|
|
"pattern": "[url:value = 'http://yoshida-kenkokan.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657e9-d838-40df-8566-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:21.000Z",
|
|
"modified": "2017-09-11T09:31:21.000Z",
|
|
"pattern": "[domain-name:value = 'yoshida-kenkokan.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ea-c518-447d-8ea1-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:22.000Z",
|
|
"modified": "2017-09-11T09:31:22.000Z",
|
|
"first_observed": "2017-09-11T09:31:22Z",
|
|
"last_observed": "2017-09-11T09:31:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ea-c518-447d-8ea1-0a3c950d210f",
|
|
"ipv4-addr--59b657ea-c518-447d-8ea1-0a3c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ea-c518-447d-8ea1-0a3c950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ea-c518-447d-8ea1-0a3c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ea-c518-447d-8ea1-0a3c950d210f",
|
|
"value": "153.122.39.19"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ea-9078-4162-be7c-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:22.000Z",
|
|
"modified": "2017-09-11T09:31:22.000Z",
|
|
"pattern": "[url:value = 'http://zanderbrantphotography.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ea-999c-4f4f-91e6-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:22.000Z",
|
|
"modified": "2017-09-11T09:31:22.000Z",
|
|
"pattern": "[domain-name:value = 'zanderbrantphotography.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ea-d3d8-4edc-a2e0-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:22.000Z",
|
|
"modified": "2017-09-11T09:31:22.000Z",
|
|
"first_observed": "2017-09-11T09:31:22Z",
|
|
"last_observed": "2017-09-11T09:31:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ea-d3d8-4edc-a2e0-fd31950d210f",
|
|
"ipv4-addr--59b657ea-d3d8-4edc-a2e0-fd31950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ea-d3d8-4edc-a2e0-fd31950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ea-d3d8-4edc-a2e0-fd31950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ea-d3d8-4edc-a2e0-fd31950d210f",
|
|
"value": "209.213.115.115"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657eb-eb74-4ac5-bdc8-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:23.000Z",
|
|
"modified": "2017-09-11T09:31:23.000Z",
|
|
"pattern": "[url:value = 'http://zik-et-dance.com/fax.html']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657eb-ab04-44e4-bbd3-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:23.000Z",
|
|
"modified": "2017-09-11T09:31:23.000Z",
|
|
"pattern": "[domain-name:value = 'zik-et-dance.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657eb-eeec-4ac9-abb7-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:23.000Z",
|
|
"modified": "2017-09-11T09:31:23.000Z",
|
|
"first_observed": "2017-09-11T09:31:23Z",
|
|
"last_observed": "2017-09-11T09:31:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657eb-eeec-4ac9-abb7-abb2950d210f",
|
|
"ipv4-addr--59b657eb-eeec-4ac9-abb7-abb2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657eb-eeec-4ac9-abb7-abb2950d210f",
|
|
"dst_ref": "ipv4-addr--59b657eb-eeec-4ac9-abb7-abb2950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657eb-eeec-4ac9-abb7-abb2950d210f",
|
|
"value": "85.31.196.7"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657eb-c484-4b65-a4af-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:23.000Z",
|
|
"modified": "2017-09-11T09:31:23.000Z",
|
|
"pattern": "[url:value = 'http://atargoryled.net/fax.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ec-ad14-4f62-8e7d-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:24.000Z",
|
|
"modified": "2017-09-11T09:31:24.000Z",
|
|
"pattern": "[domain-name:value = 'atargoryled.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ec-09c8-4356-86bb-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:24.000Z",
|
|
"modified": "2017-09-11T09:31:24.000Z",
|
|
"pattern": "[url:value = 'http://dueeffepromotion.com/uyt6bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ec-5e2c-457e-a4d7-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:24.000Z",
|
|
"modified": "2017-09-11T09:31:24.000Z",
|
|
"pattern": "[domain-name:value = 'dueeffepromotion.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ec-49b4-406d-84c4-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:24.000Z",
|
|
"modified": "2017-09-11T09:31:24.000Z",
|
|
"first_observed": "2017-09-11T09:31:24Z",
|
|
"last_observed": "2017-09-11T09:31:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ec-49b4-406d-84c4-a7f8950d210f",
|
|
"ipv4-addr--59b657ec-49b4-406d-84c4-a7f8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ec-49b4-406d-84c4-a7f8950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ec-49b4-406d-84c4-a7f8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ec-49b4-406d-84c4-a7f8950d210f",
|
|
"value": "89.96.90.14"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ed-1710-4d84-aab8-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:25.000Z",
|
|
"modified": "2017-09-11T09:31:25.000Z",
|
|
"pattern": "[url:value = 'http://brandingforbuyout.com/uyt6bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ed-f0d0-4392-9271-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:25.000Z",
|
|
"modified": "2017-09-11T09:31:25.000Z",
|
|
"pattern": "[domain-name:value = 'brandingforbuyout.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ed-50b8-4939-bf24-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:25.000Z",
|
|
"modified": "2017-09-11T09:31:25.000Z",
|
|
"first_observed": "2017-09-11T09:31:25Z",
|
|
"last_observed": "2017-09-11T09:31:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ed-50b8-4939-bf24-faa1950d210f",
|
|
"ipv4-addr--59b657ed-50b8-4939-bf24-faa1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ed-50b8-4939-bf24-faa1950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ed-50b8-4939-bf24-faa1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ed-50b8-4939-bf24-faa1950d210f",
|
|
"value": "74.208.163.59"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ed-caec-4fcf-abc1-1285950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:25.000Z",
|
|
"modified": "2017-09-11T09:31:25.000Z",
|
|
"pattern": "[url:value = 'http://etforhartohat.info/af/uyt6bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ed-f974-430e-8a67-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:25.000Z",
|
|
"modified": "2017-09-11T09:31:25.000Z",
|
|
"pattern": "[domain-name:value = 'etforhartohat.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ee-5c50-46e8-a8d1-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:26.000Z",
|
|
"modified": "2017-09-11T09:31:26.000Z",
|
|
"pattern": "[url:value = 'http://db-b-s.com/uyt6bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ee-1568-4d0a-b796-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:26.000Z",
|
|
"modified": "2017-09-11T09:31:26.000Z",
|
|
"pattern": "[domain-name:value = 'db-b-s.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b657ee-0628-484e-a667-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:26.000Z",
|
|
"modified": "2017-09-11T09:31:26.000Z",
|
|
"first_observed": "2017-09-11T09:31:26Z",
|
|
"last_observed": "2017-09-11T09:31:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b657ee-0628-484e-a667-fb96950d210f",
|
|
"ipv4-addr--59b657ee-0628-484e-a667-fb96950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b657ee-0628-484e-a667-fb96950d210f",
|
|
"dst_ref": "ipv4-addr--59b657ee-0628-484e-a667-fb96950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b657ee-0628-484e-a667-fb96950d210f",
|
|
"value": "85.25.218.100"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ef-d2f4-4a7d-b232-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:27.000Z",
|
|
"modified": "2017-09-11T09:31:27.000Z",
|
|
"pattern": "[url:value = 'http://qxr33qxr.com/uyt6bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b657ef-b95c-44fa-a8ab-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:27.000Z",
|
|
"modified": "2017-09-11T09:31:27.000Z",
|
|
"pattern": "[domain-name:value = 'qxr33qxr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b6580d-59c8-442f-a828-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:57.000Z",
|
|
"modified": "2017-09-11T09:31:57.000Z",
|
|
"first_observed": "2017-09-11T09:31:57Z",
|
|
"last_observed": "2017-09-11T09:31:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b6580d-59c8-442f-a828-fd31950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b6580d-59c8-442f-a828-fd31950d210f",
|
|
"value": "http://46.148.20.53/imageload.cgi"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b6580d-a484-4f2e-8caa-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:57.000Z",
|
|
"modified": "2017-09-11T09:31:57.000Z",
|
|
"first_observed": "2017-09-11T09:31:57Z",
|
|
"last_observed": "2017-09-11T09:31:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b6580d-a484-4f2e-8caa-faa1950d210f",
|
|
"ipv4-addr--59b6580d-a484-4f2e-8caa-faa1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b6580d-a484-4f2e-8caa-faa1950d210f",
|
|
"dst_ref": "ipv4-addr--59b6580d-a484-4f2e-8caa-faa1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b6580d-a484-4f2e-8caa-faa1950d210f",
|
|
"value": "46.148.20.53"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b6580d-eb38-4821-b413-abb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:57.000Z",
|
|
"modified": "2017-09-11T09:31:57.000Z",
|
|
"first_observed": "2017-09-11T09:31:57Z",
|
|
"last_observed": "2017-09-11T09:31:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--59b6580d-eb38-4821-b413-abb2950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--59b6580d-eb38-4821-b413-abb2950d210f",
|
|
"value": "http://185.67.2.156/imageload.cgi"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59b6580e-ee44-4a1e-bbe3-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:58.000Z",
|
|
"modified": "2017-09-11T09:31:58.000Z",
|
|
"first_observed": "2017-09-11T09:31:58Z",
|
|
"last_observed": "2017-09-11T09:31:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59b6580e-ee44-4a1e-bbe3-0a3e950d210f",
|
|
"ipv4-addr--59b6580e-ee44-4a1e-bbe3-0a3e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59b6580e-ee44-4a1e-bbe3-0a3e950d210f",
|
|
"dst_ref": "ipv4-addr--59b6580e-ee44-4a1e-bbe3-0a3e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59b6580e-ee44-4a1e-bbe3-0a3e950d210f",
|
|
"value": "185.67.2.156"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b6580e-3580-416f-aed0-a7d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:58.000Z",
|
|
"modified": "2017-09-11T09:31:58.000Z",
|
|
"pattern": "[url:value = 'http://ggnsugrbvqsctbvp.xyz/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b6580e-1240-46a4-aa9e-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:58.000Z",
|
|
"modified": "2017-09-11T09:31:58.000Z",
|
|
"pattern": "[domain-name:value = 'ggnsugrbvqsctbvp.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b6580f-4ce4-4030-870a-fc77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:59.000Z",
|
|
"modified": "2017-09-11T09:31:59.000Z",
|
|
"pattern": "[url:value = 'http://ftjidnqtrkwiky.pl/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b6580f-c18c-477d-abcb-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:59.000Z",
|
|
"modified": "2017-09-11T09:31:59.000Z",
|
|
"pattern": "[domain-name:value = 'ftjidnqtrkwiky.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b6580f-f860-4833-b3e3-170a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:59.000Z",
|
|
"modified": "2017-09-11T09:31:59.000Z",
|
|
"pattern": "[url:value = 'http://eajiongaudlluhkb.pl/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b6580f-a6a0-490f-9a72-faa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:31:59.000Z",
|
|
"modified": "2017-09-11T09:31:59.000Z",
|
|
"pattern": "[domain-name:value = 'eajiongaudlluhkb.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:31:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65810-e0e4-42f3-b999-fc5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:00.000Z",
|
|
"modified": "2017-09-11T09:32:00.000Z",
|
|
"pattern": "[url:value = 'http://xxbgblqhxrjrqlnns.pl/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65810-e198-4c4e-a152-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:00.000Z",
|
|
"modified": "2017-09-11T09:32:00.000Z",
|
|
"pattern": "[domain-name:value = 'xxbgblqhxrjrqlnns.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65810-a148-4b04-a654-a7f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:00.000Z",
|
|
"modified": "2017-09-11T09:32:00.000Z",
|
|
"pattern": "[url:value = 'http://ekgetvwh.pl/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65810-7d2c-4846-8700-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:00.000Z",
|
|
"modified": "2017-09-11T09:32:00.000Z",
|
|
"pattern": "[domain-name:value = 'ekgetvwh.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65811-68dc-4a27-87e5-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:01.000Z",
|
|
"modified": "2017-09-11T09:32:01.000Z",
|
|
"pattern": "[url:value = 'http://lkjhcsqmhixsdprwr.su/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65811-a75c-4ae6-8124-fd31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:01.000Z",
|
|
"modified": "2017-09-11T09:32:01.000Z",
|
|
"pattern": "[domain-name:value = 'lkjhcsqmhixsdprwr.su']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65811-b154-4f07-8f17-14d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:01.000Z",
|
|
"modified": "2017-09-11T09:32:01.000Z",
|
|
"pattern": "[url:value = 'http://trgqoebfdyuaclh.info/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65812-7e54-459b-bb38-1285950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:02.000Z",
|
|
"modified": "2017-09-11T09:32:02.000Z",
|
|
"pattern": "[domain-name:value = 'trgqoebfdyuaclh.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65812-6678-4961-aa46-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:02.000Z",
|
|
"modified": "2017-09-11T09:32:02.000Z",
|
|
"pattern": "[url:value = 'http://qlkqntykkr.ru/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65812-dd9c-4b68-8137-a587950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:02.000Z",
|
|
"modified": "2017-09-11T09:32:02.000Z",
|
|
"pattern": "[domain-name:value = 'qlkqntykkr.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65813-ba78-42d8-b94a-fcd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:03.000Z",
|
|
"modified": "2017-09-11T09:32:03.000Z",
|
|
"pattern": "[url:value = 'http://tcjrsqduhpswxme.xyz/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65813-b44c-4ef7-b818-0a3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:03.000Z",
|
|
"modified": "2017-09-11T09:32:03.000Z",
|
|
"pattern": "[domain-name:value = 'tcjrsqduhpswxme.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65813-a6e4-4079-84bd-a4fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:03.000Z",
|
|
"modified": "2017-09-11T09:32:03.000Z",
|
|
"pattern": "[url:value = 'http://ulmumqxei.ru/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65813-2034-48b8-b769-fba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:03.000Z",
|
|
"modified": "2017-09-11T09:32:03.000Z",
|
|
"pattern": "[domain-name:value = 'ulmumqxei.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65814-1fa4-4f87-a4f7-fd30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:03.000Z",
|
|
"modified": "2017-09-11T09:32:03.000Z",
|
|
"pattern": "[url:value = 'http://hbcbtnbvl.info/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65814-8ddc-4e55-80c6-1684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:04.000Z",
|
|
"modified": "2017-09-11T09:32:04.000Z",
|
|
"pattern": "[domain-name:value = 'hbcbtnbvl.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65814-8964-4181-8f00-0a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:04.000Z",
|
|
"modified": "2017-09-11T09:32:04.000Z",
|
|
"pattern": "[url:value = 'http://ujspkiik.click/imageload.cgi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59b65814-76a4-4db1-add1-fb96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-09-11T09:32:04.000Z",
|
|
"modified": "2017-09-11T09:32:04.000Z",
|
|
"pattern": "[domain-name:value = 'ujspkiik.click']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-09-11T09:32:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |