misp-circl-feed/feeds/circl/misp/578cde89-5064-4b29-96c5-45e6950d210f.json


{
"type": "bundle",
"id": "bundle--578cde89-5064-4b29-96c5-45e6950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:50.000Z",
"modified": "2016-07-18T14:40:50.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--578cde89-5064-4b29-96c5-45e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:50.000Z",
"modified": "2016-07-18T14:40:50.000Z",
"name": "Malspam 2016-07-18 .wsf (campaign: \"company database\")",
"published": "2016-07-18T14:41:21Z",
"object_refs": [
"indicator--578cdeba-c690-488e-8d7a-403a950d210f",
"indicator--578cdeba-e67c-4f0e-979f-4bdf950d210f",
"indicator--578cdebb-7cb4-4c25-832c-455b950d210f",
"indicator--578cdebb-1b0c-47ad-8402-445a950d210f",
"indicator--578cdebc-c080-450a-b067-42d1950d210f",
"indicator--578cdebc-be94-45f7-9829-458f950d210f",
"indicator--578cdebd-f758-4456-b174-4f83950d210f",
"indicator--578cdebd-f728-4077-8e0c-4c8b950d210f",
"indicator--578cdebd-8c1c-4444-9fdf-4f0a950d210f",
"indicator--578cdebe-2cd0-4571-9790-4582950d210f",
"indicator--578cdebe-dbac-4bc9-89d7-4265950d210f",
"indicator--578cdebf-9e70-4722-ba28-418c950d210f",
"indicator--578cdebf-af24-4352-903a-4d78950d210f",
"indicator--578cdec0-981c-4420-a095-4e9a950d210f",
"indicator--578cdec0-759c-4d79-a1a4-4c7a950d210f",
"indicator--578cdec1-5ab8-4340-ae15-436d950d210f",
"indicator--578cdec1-d9cc-42ae-b475-491a950d210f",
"indicator--578cdec1-7424-4940-bb77-49ba950d210f",
"indicator--578cdec2-8278-4c22-ba25-44f2950d210f",
"indicator--578cdec2-1a74-4568-990d-497e950d210f",
"indicator--578cdec3-a928-4899-9293-4012950d210f",
"indicator--578cdec3-e520-4a3a-be4e-4676950d210f",
"indicator--578cdec4-fa18-4e1c-95ff-4073950d210f",
"indicator--578cdec4-e6f0-47c5-9251-4d63950d210f",
"x-misp-attribute--578cdf8d-5574-4992-a875-4231950d210f",
"observed-data--578cdfa3-a058-4435-9e68-4629950d210f",
"email-message--578cdfa3-a058-4435-9e68-4629950d210f",
"indicator--578ce472-b0a4-44e4-b143-41b8950d210f",
"indicator--578ce473-eef8-4595-a83e-42b7950d210f",
"indicator--578ce473-da54-408e-9292-4d5e950d210f",
"indicator--578ce474-6560-4f09-8a42-4efc950d210f",
"indicator--578ce474-f32c-4f2c-b3ae-42d4950d210f",
"indicator--578ce475-03c0-4256-a403-4e8e950d210f",
"indicator--578ce475-0c20-4fac-bd46-4010950d210f",
"indicator--578ce476-f1d8-4e41-b306-45ef950d210f",
"indicator--578ce476-91c8-4a99-9d71-4723950d210f",
"indicator--578ce477-8f64-41c0-88e3-4196950d210f",
"indicator--578ce477-893c-4460-8176-47f6950d210f",
"indicator--578ce478-bf7c-4e76-83b0-475e950d210f",
"indicator--578ce478-55f8-4d9d-af31-4982950d210f",
"indicator--578ce479-02cc-4d2c-aeb9-40b0950d210f",
"indicator--578ce479-ea2c-4056-93b8-4f87950d210f",
"indicator--578cea6d-4700-4ecf-ab61-49e6950d210f",
"indicator--578cea6f-b6e8-4640-ae92-43d8950d210f",
"indicator--578cea6f-db94-4c9a-9258-43c3950d210f",
"indicator--578cea70-e7ec-40e4-bc7b-401a950d210f",
"indicator--578cea70-0c38-4eeb-b007-4b78950d210f",
"indicator--578cea70-963c-4c2f-85da-463e950d210f",
"indicator--578cea71-b670-421f-b78e-4d51950d210f",
"indicator--578cea71-f2d8-41c5-8fe2-42c4950d210f",
"indicator--578cea72-df10-43ba-9101-4ce5950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdeba-c690-488e-8d7a-403a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:50.000Z",
"modified": "2016-07-18T13:50:50.000Z",
"description": "download location",
"pattern": "[url:value = 'http://gv.com.my/qbnuau']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdeba-e67c-4f0e-979f-4bdf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:50.000Z",
"modified": "2016-07-18T13:50:50.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'gv.com.my']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebb-7cb4-4c25-832c-455b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:51.000Z",
"modified": "2016-07-18T13:50:51.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.48.153.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebb-1b0c-47ad-8402-445a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:51.000Z",
"modified": "2016-07-18T13:50:51.000Z",
"description": "download location",
"pattern": "[url:value = 'http://dnp9.com/zpfqk2l']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebc-c080-450a-b067-42d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:52.000Z",
"modified": "2016-07-18T13:50:52.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'dnp9.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebc-be94-45f7-9829-458f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:52.000Z",
"modified": "2016-07-18T13:50:52.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.164.189.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebd-f758-4456-b174-4f83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:53.000Z",
"modified": "2016-07-18T13:50:53.000Z",
"description": "download location",
"pattern": "[url:value = 'http://cloudbws.com/m0tu07b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebd-f728-4077-8e0c-4c8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:53.000Z",
"modified": "2016-07-18T13:50:53.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'cloudbws.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebd-8c1c-4444-9fdf-4f0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:53.000Z",
"modified": "2016-07-18T13:50:53.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.201.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebe-2cd0-4571-9790-4582950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:54.000Z",
"modified": "2016-07-18T13:50:54.000Z",
"description": "download location",
"pattern": "[url:value = 'http://blackdildo.net/h9kyu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebe-dbac-4bc9-89d7-4265950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:54.000Z",
"modified": "2016-07-18T13:50:54.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'blackdildo.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebf-9e70-4722-ba28-418c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:55.000Z",
"modified": "2016-07-18T13:50:55.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.31.160.94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdebf-af24-4352-903a-4d78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:55.000Z",
"modified": "2016-07-18T13:50:55.000Z",
"description": "download location",
"pattern": "[url:value = 'http://vakantiehuisinauvergne.com/apyd17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec0-981c-4420-a095-4e9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:56.000Z",
"modified": "2016-07-18T13:50:56.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'vakantiehuisinauvergne.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec0-759c-4d79-a1a4-4c7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:56.000Z",
"modified": "2016-07-18T13:50:56.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.27.173.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec1-5ab8-4340-ae15-436d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:57.000Z",
"modified": "2016-07-18T13:50:57.000Z",
"description": "download location",
"pattern": "[url:value = 'http://wcouto.com.br/9d207v']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec1-d9cc-42ae-b475-491a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:57.000Z",
"modified": "2016-07-18T13:50:57.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'wcouto.com.br']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec1-7424-4940-bb77-49ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:57.000Z",
"modified": "2016-07-18T13:50:57.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.164.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec2-8278-4c22-ba25-44f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:58.000Z",
"modified": "2016-07-18T13:50:58.000Z",
"description": "download location",
"pattern": "[url:value = 'http://anchortron.com/hiqsij']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec2-1a74-4568-990d-497e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:58.000Z",
"modified": "2016-07-18T13:50:58.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'anchortron.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec3-a928-4899-9293-4012950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:59.000Z",
"modified": "2016-07-18T13:50:59.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.209.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec3-e520-4a3a-be4e-4676950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:50:59.000Z",
"modified": "2016-07-18T13:50:59.000Z",
"description": "download location",
"pattern": "[url:value = 'http://travoxsb.com/qmi5u0n']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec4-fa18-4e1c-95ff-4073950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:51:00.000Z",
"modified": "2016-07-18T13:51:00.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'travoxsb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:51:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cdec4-e6f0-47c5-9251-4d63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:51:00.000Z",
"modified": "2016-07-18T13:51:00.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.4.45.235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T13:51:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--578cdf8d-5574-4992-a875-4231950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:54:21.000Z",
"modified": "2016-07-18T13:54:21.000Z",
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "user-agent",
"x_misp_value": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--578cdfa3-a058-4435-9e68-4629950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T13:54:43.000Z",
"modified": "2016-07-18T13:54:43.000Z",
"first_observed": "2016-07-18T13:54:43Z",
"last_observed": "2016-07-18T13:54:43Z",
"number_observed": 1,
"object_refs": [
"email-message--578cdfa3-a058-4435-9e68-4629950d210f"
],
"labels": [
"misp:type=\"email-subject\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--578cdfa3-a058-4435-9e68-4629950d210f",
"is_multipart": false,
"subject": "company database"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce472-b0a4-44e4-b143-41b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:14.000Z",
"modified": "2016-07-18T14:15:14.000Z",
"description": "download location",
"pattern": "[url:value = 'http://deanstum.com/z9opr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce473-eef8-4595-a83e-42b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:15.000Z",
"modified": "2016-07-18T14:15:15.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'deanstum.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce473-da54-408e-9292-4d5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:15.000Z",
"modified": "2016-07-18T14:15:15.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.229.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce474-6560-4f09-8a42-4efc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:16.000Z",
"modified": "2016-07-18T14:15:16.000Z",
"description": "download location",
"pattern": "[url:value = 'http://gruposoluciomatica.com.br/ryi81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce474-f32c-4f2c-b3ae-42d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:16.000Z",
"modified": "2016-07-18T14:15:16.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'gruposoluciomatica.com.br']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce475-03c0-4256-a403-4e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:17.000Z",
"modified": "2016-07-18T14:15:17.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.17.98.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce475-0c20-4fac-bd46-4010950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:17.000Z",
"modified": "2016-07-18T14:15:17.000Z",
"description": "download location",
"pattern": "[url:value = 'http://serviceautoiasi.com/4tbvsfcz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce476-f1d8-4e41-b306-45ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:18.000Z",
"modified": "2016-07-18T14:15:18.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'serviceautoiasi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce476-91c8-4a99-9d71-4723950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:18.000Z",
"modified": "2016-07-18T14:15:18.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.9.56.193']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce477-8f64-41c0-88e3-4196950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:19.000Z",
"modified": "2016-07-18T14:15:19.000Z",
"description": "download location",
"pattern": "[url:value = 'http://trans-free.ru/2hx1l']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce477-893c-4460-8176-47f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:19.000Z",
"modified": "2016-07-18T14:15:19.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'trans-free.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce478-bf7c-4e76-83b0-475e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:20.000Z",
"modified": "2016-07-18T14:15:20.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.222.62.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce478-55f8-4d9d-af31-4982950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:20.000Z",
"modified": "2016-07-18T14:15:20.000Z",
"description": "download location",
"pattern": "[url:value = 'http://s2mgmt.com/do40lc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce479-02cc-4d2c-aeb9-40b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:21.000Z",
"modified": "2016-07-18T14:15:21.000Z",
"description": "download location",
"pattern": "[domain-name:value = 's2mgmt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578ce479-ea2c-4056-93b8-4f87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:15:21.000Z",
"modified": "2016-07-18T14:15:21.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.33.23.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea6d-4700-4ecf-ab61-49e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:45.000Z",
"modified": "2016-07-18T14:40:45.000Z",
"description": "download location",
"pattern": "[url:value = 'http://benavidezhoy.com/8zrg48k']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea6f-b6e8-4640-ae92-43d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:47.000Z",
"modified": "2016-07-18T14:40:47.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'benavidezhoy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea6f-db94-4c9a-9258-43c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:47.000Z",
"modified": "2016-07-18T14:40:47.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.16.243.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea70-e7ec-40e4-bc7b-401a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:48.000Z",
"modified": "2016-07-18T14:40:48.000Z",
"description": "download location",
"pattern": "[url:value = 'http://aquatixbottle.com/ygyngc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea70-0c38-4eeb-b007-4b78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:48.000Z",
"modified": "2016-07-18T14:40:48.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'aquatixbottle.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea70-963c-4c2f-85da-463e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:48.000Z",
"modified": "2016-07-18T14:40:48.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.212.231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea71-b670-421f-b78e-4d51950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:49.000Z",
"modified": "2016-07-18T14:40:49.000Z",
"description": "download location",
"pattern": "[url:value = 'http://davisdoherty.co.nz/g0vi70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea71-f2d8-41c5-8fe2-42c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:49.000Z",
"modified": "2016-07-18T14:40:49.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'davisdoherty.co.nz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578cea72-df10-43ba-9101-4ce5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-18T14:40:50.000Z",
"modified": "2016-07-18T14:40:50.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.234.42.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-18T14:40:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}