{
|
|
"type": "bundle",
|
|
"id": "bundle--594a5e89-05fc-40b3-bf5a-4c9b950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:46:06.000Z",
|
|
"modified": "2017-06-21T12:46:06.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--594a5e89-05fc-40b3-bf5a-4c9b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:46:06.000Z",
|
|
"modified": "2017-06-21T12:46:06.000Z",
|
|
"name": "M2M - #trickbot Facture ### via .zip/.WSF",
|
|
"published": "2017-06-21T12:46:14Z",
|
|
"object_refs": [
|
|
"indicator--594a5e89-ea28-48de-84e5-4329950d210f",
|
|
"indicator--594a5e8a-fa78-4fb5-9d80-4acf950d210f",
|
|
"indicator--594a5e8a-c738-4b7a-bc58-4b07950d210f",
|
|
"indicator--594a5e8a-772c-4004-bc39-431e950d210f",
|
|
"indicator--594a5e8a-4260-4332-a457-4863950d210f",
|
|
"indicator--594a5e8b-4674-4cff-9e35-4cbe950d210f",
|
|
"indicator--594a5e8b-0b78-40cc-b78f-42b0950d210f",
|
|
"observed-data--594a5e8b-5c64-45bb-85cb-482a950d210f",
|
|
"network-traffic--594a5e8b-5c64-45bb-85cb-482a950d210f",
|
|
"ipv4-addr--594a5e8b-5c64-45bb-85cb-482a950d210f",
|
|
"indicator--594a5e8c-f89c-4619-a03a-4805950d210f",
|
|
"indicator--594a5e8c-ad9c-414c-b8a0-4dc0950d210f",
|
|
"observed-data--594a5e94-53c8-4e7c-aace-4ace950d210f",
|
|
"network-traffic--594a5e94-53c8-4e7c-aace-4ace950d210f",
|
|
"ipv4-addr--594a5e94-53c8-4e7c-aace-4ace950d210f",
|
|
"indicator--594a5e94-51c8-4869-998f-4da6950d210f",
|
|
"indicator--594a5e94-7c40-4af1-ac63-4077950d210f",
|
|
"observed-data--594a5e95-5b78-46b3-926d-421a950d210f",
|
|
"network-traffic--594a5e95-5b78-46b3-926d-421a950d210f",
|
|
"ipv4-addr--594a5e95-5b78-46b3-926d-421a950d210f",
|
|
"indicator--594a5e95-4b58-48de-a32c-4faf950d210f",
|
|
"indicator--594a5e95-6270-43da-8f71-40dd950d210f",
|
|
"observed-data--594a5e95-1f74-4940-a3dc-40cf950d210f",
|
|
"network-traffic--594a5e95-1f74-4940-a3dc-40cf950d210f",
|
|
"ipv4-addr--594a5e95-1f74-4940-a3dc-40cf950d210f",
|
|
"indicator--594a5e96-0294-48b3-b758-42a4950d210f",
|
|
"indicator--594a5e96-d600-4810-975e-4136950d210f",
|
|
"observed-data--594a5e96-afe8-4496-b1dd-485b950d210f",
|
|
"network-traffic--594a5e96-afe8-4496-b1dd-485b950d210f",
|
|
"ipv4-addr--594a5e96-afe8-4496-b1dd-485b950d210f",
|
|
"indicator--594a5e96-bce0-47d4-ba7f-4e67950d210f",
|
|
"indicator--594a5e96-eb2c-44e0-ba61-44f2950d210f",
|
|
"observed-data--594a5e97-aea8-48b4-8f29-44d8950d210f",
|
|
"network-traffic--594a5e97-aea8-48b4-8f29-44d8950d210f",
|
|
"ipv4-addr--594a5e97-aea8-48b4-8f29-44d8950d210f",
|
|
"indicator--594a5e97-3218-452a-b674-42dc950d210f",
|
|
"indicator--594a5e97-5be8-4892-a7b3-4b8b950d210f",
|
|
"observed-data--594a5e98-5e30-41c7-8efd-4514950d210f",
|
|
"network-traffic--594a5e98-5e30-41c7-8efd-4514950d210f",
|
|
"ipv4-addr--594a5e98-5e30-41c7-8efd-4514950d210f",
|
|
"indicator--594a5e98-f378-4720-8c1b-4a2d950d210f",
|
|
"indicator--594a5e98-5624-4a50-ba46-43b7950d210f",
|
|
"observed-data--594a5e99-0b50-4e61-9382-4324950d210f",
|
|
"network-traffic--594a5e99-0b50-4e61-9382-4324950d210f",
|
|
"ipv4-addr--594a5e99-0b50-4e61-9382-4324950d210f",
|
|
"indicator--594a5e99-7ec4-46a3-ac86-4314950d210f",
|
|
"indicator--594a5e99-734c-4fb2-91b9-4039950d210f",
|
|
"observed-data--594a5e99-5fd8-4274-a593-4129950d210f",
|
|
"network-traffic--594a5e99-5fd8-4274-a593-4129950d210f",
|
|
"ipv4-addr--594a5e99-5fd8-4274-a593-4129950d210f",
|
|
"indicator--594a5e9a-014c-4b11-8e2c-4e7e950d210f",
|
|
"indicator--594a5e9a-1830-40c1-8723-4cf1950d210f",
|
|
"observed-data--594a5e9a-2cf8-423f-a1c8-4d65950d210f",
|
|
"network-traffic--594a5e9a-2cf8-423f-a1c8-4d65950d210f",
|
|
"ipv4-addr--594a5e9a-2cf8-423f-a1c8-4d65950d210f",
|
|
"indicator--594a5e9a-7afc-4d05-aa45-4258950d210f",
|
|
"indicator--594a5e9b-9e08-4990-b29d-40cf950d210f",
|
|
"observed-data--594a5e9b-ccbc-4e7b-8444-41c5950d210f",
|
|
"network-traffic--594a5e9b-ccbc-4e7b-8444-41c5950d210f",
|
|
"ipv4-addr--594a5e9b-ccbc-4e7b-8444-41c5950d210f",
|
|
"indicator--594a5e9b-900c-4ec3-bec3-44ee950d210f",
|
|
"indicator--594a5e9b-7b64-4fa5-bf6d-487e950d210f",
|
|
"observed-data--594a5e9b-02a4-4323-b5df-4962950d210f",
|
|
"network-traffic--594a5e9b-02a4-4323-b5df-4962950d210f",
|
|
"ipv4-addr--594a5e9b-02a4-4323-b5df-4962950d210f",
|
|
"indicator--594a5e9c-ebf4-4f01-8bef-4b7d950d210f",
|
|
"indicator--594a5e9c-f204-4b10-b6de-4b66950d210f",
|
|
"observed-data--594a5e9c-b0c4-4a31-b169-4986950d210f",
|
|
"network-traffic--594a5e9c-b0c4-4a31-b169-4986950d210f",
|
|
"ipv4-addr--594a5e9c-b0c4-4a31-b169-4986950d210f",
|
|
"indicator--594a5e9d-f6b0-4d71-8fee-40f6950d210f",
|
|
"indicator--594a5e9d-57c8-4bc7-9502-404e950d210f",
|
|
"observed-data--594a5e9d-d3e4-48e9-8eaa-41a4950d210f",
|
|
"network-traffic--594a5e9d-d3e4-48e9-8eaa-41a4950d210f",
|
|
"ipv4-addr--594a5e9d-d3e4-48e9-8eaa-41a4950d210f",
|
|
"indicator--594a5e9d-754c-463b-8eae-4fd8950d210f",
|
|
"indicator--594a5e9e-8124-4848-a9fe-44d9950d210f",
|
|
"observed-data--594a5e9e-c3ec-4ee5-a265-441a950d210f",
|
|
"network-traffic--594a5e9e-c3ec-4ee5-a265-441a950d210f",
|
|
"ipv4-addr--594a5e9e-c3ec-4ee5-a265-441a950d210f",
|
|
"indicator--594a5e9e-5f64-40f4-8505-4357950d210f",
|
|
"indicator--594a5e9f-cf84-45d6-b55e-4480950d210f",
|
|
"observed-data--594a5e9f-77c8-44be-99d6-4920950d210f",
|
|
"network-traffic--594a5e9f-77c8-44be-99d6-4920950d210f",
|
|
"ipv4-addr--594a5e9f-77c8-44be-99d6-4920950d210f",
|
|
"indicator--594a5e9f-9cb0-4f2a-9bcf-4bc5950d210f",
|
|
"indicator--594a5e9f-c574-4fd7-979e-4135950d210f",
|
|
"observed-data--594a5ea0-22d8-4a9a-878d-4230950d210f",
|
|
"network-traffic--594a5ea0-22d8-4a9a-878d-4230950d210f",
|
|
"ipv4-addr--594a5ea0-22d8-4a9a-878d-4230950d210f",
|
|
"indicator--594a5ea0-dca0-480e-841b-4e42950d210f",
|
|
"indicator--594a5ea0-52e4-4491-a15b-485a950d210f",
|
|
"observed-data--594a5ea1-5800-4475-a167-4703950d210f",
|
|
"network-traffic--594a5ea1-5800-4475-a167-4703950d210f",
|
|
"ipv4-addr--594a5ea1-5800-4475-a167-4703950d210f",
|
|
"indicator--594a5ea1-1fec-43b7-b101-48be950d210f",
|
|
"indicator--594a5ea1-7190-4af0-9814-45da950d210f",
|
|
"observed-data--594a5ea1-e780-4fd3-8f8e-446b950d210f",
|
|
"network-traffic--594a5ea1-e780-4fd3-8f8e-446b950d210f",
|
|
"ipv4-addr--594a5ea1-e780-4fd3-8f8e-446b950d210f",
|
|
"indicator--594a5ea2-c558-4208-a9be-4235950d210f",
|
|
"indicator--594a5ea2-aef4-4ba4-9d14-41b7950d210f",
|
|
"observed-data--594a5ea2-c700-4635-b1ae-4afa950d210f",
|
|
"network-traffic--594a5ea2-c700-4635-b1ae-4afa950d210f",
|
|
"ipv4-addr--594a5ea2-c700-4635-b1ae-4afa950d210f",
|
|
"indicator--594a5ea2-2f00-4067-872c-4418950d210f",
|
|
"indicator--594a5ea3-4bdc-4c75-9d23-4c70950d210f",
|
|
"indicator--594a5ea4-45a4-4045-b247-4257950d210f",
|
|
"indicator--594a5ea4-1508-4b69-bcc3-4235950d210f",
|
|
"observed-data--594a5ea5-4358-4357-8295-4caf950d210f",
|
|
"network-traffic--594a5ea5-4358-4357-8295-4caf950d210f",
|
|
"ipv4-addr--594a5ea5-4358-4357-8295-4caf950d210f",
|
|
"indicator--594a5ea5-298c-412c-97e1-4c44950d210f",
|
|
"indicator--594a5ea5-9738-4cfb-b6e9-4e4c950d210f",
|
|
"observed-data--594a5ea6-88e8-4213-b48f-43a3950d210f",
|
|
"network-traffic--594a5ea6-88e8-4213-b48f-43a3950d210f",
|
|
"ipv4-addr--594a5ea6-88e8-4213-b48f-43a3950d210f",
|
|
"indicator--594a5ea6-e6d8-47bf-985c-46b2950d210f",
|
|
"indicator--594a5ea6-9310-4cf8-828d-4535950d210f",
|
|
"observed-data--594a5ea7-2904-4f3a-bf75-49f0950d210f",
|
|
"network-traffic--594a5ea7-2904-4f3a-bf75-49f0950d210f",
|
|
"ipv4-addr--594a5ea7-2904-4f3a-bf75-49f0950d210f",
|
|
"indicator--594a5ea7-cc98-47a4-9320-4553950d210f",
|
|
"indicator--594a5ea7-996c-4bb6-8f8f-49de950d210f",
|
|
"observed-data--594a5ea7-fa30-4e1a-9000-4600950d210f",
|
|
"network-traffic--594a5ea7-fa30-4e1a-9000-4600950d210f",
|
|
"ipv4-addr--594a5ea7-fa30-4e1a-9000-4600950d210f",
|
|
"indicator--594a5ea8-3fb0-43e9-942d-4fd2950d210f",
|
|
"indicator--594a5ea8-65d4-4376-8a45-42e2950d210f",
|
|
"observed-data--594a5ea8-c37c-46a4-9b3c-44c0950d210f",
|
|
"network-traffic--594a5ea8-c37c-46a4-9b3c-44c0950d210f",
|
|
"ipv4-addr--594a5ea8-c37c-46a4-9b3c-44c0950d210f",
|
|
"indicator--594a5ea8-09f0-4d3f-935e-4a65950d210f",
|
|
"indicator--594a5ea8-9c00-41a9-865f-4153950d210f",
|
|
"observed-data--594a5ea9-f640-4ea3-b14c-4e94950d210f",
|
|
"network-traffic--594a5ea9-f640-4ea3-b14c-4e94950d210f",
|
|
"ipv4-addr--594a5ea9-f640-4ea3-b14c-4e94950d210f",
|
|
"indicator--594a5ea9-2204-49d5-9c57-4f2e950d210f",
|
|
"indicator--594a5ea9-142c-4cbb-9bc9-4263950d210f",
|
|
"observed-data--594a5ea9-8d98-4a35-be91-4741950d210f",
|
|
"network-traffic--594a5ea9-8d98-4a35-be91-4741950d210f",
|
|
"ipv4-addr--594a5ea9-8d98-4a35-be91-4741950d210f",
|
|
"indicator--594a5eaa-27a4-47c8-86cd-4dbb950d210f",
|
|
"indicator--594a5eaa-3698-4eb6-afb5-4c1d950d210f",
|
|
"observed-data--594a5eaa-7264-4c4e-84fb-474a950d210f",
|
|
"network-traffic--594a5eaa-7264-4c4e-84fb-474a950d210f",
|
|
"ipv4-addr--594a5eaa-7264-4c4e-84fb-474a950d210f",
|
|
"indicator--594a5eaa-cfa0-453e-8d90-419d950d210f",
|
|
"indicator--594a5eaa-b9ac-4e0c-9c1e-4b65950d210f",
|
|
"observed-data--594a5eab-8354-4851-bbda-4e2c950d210f",
|
|
"network-traffic--594a5eab-8354-4851-bbda-4e2c950d210f",
|
|
"ipv4-addr--594a5eab-8354-4851-bbda-4e2c950d210f",
|
|
"indicator--594a5eab-c67c-4edf-9dcc-4e8b950d210f",
|
|
"indicator--594a5eab-415c-4fc9-bebf-4dc7950d210f",
|
|
"indicator--594a5eab-410c-45de-a569-4f2e950d210f",
|
|
"indicator--594a5eac-2c9c-4ad0-95ca-42d4950d210f",
|
|
"observed-data--594a5eac-2aa4-4c3a-bb26-4377950d210f",
|
|
"network-traffic--594a5eac-2aa4-4c3a-bb26-4377950d210f",
|
|
"ipv4-addr--594a5eac-2aa4-4c3a-bb26-4377950d210f",
|
|
"observed-data--594a5eac-3e1c-49ee-98d7-4dea950d210f",
|
|
"url--594a5eac-3e1c-49ee-98d7-4dea950d210f",
|
|
"observed-data--594a5eac-da8c-420d-a7c1-4348950d210f",
|
|
"url--594a5eac-da8c-420d-a7c1-4348950d210f",
|
|
"observed-data--594a5eae-50c0-4282-b409-42a1950d210f",
|
|
"url--594a5eae-50c0-4282-b409-42a1950d210f",
|
|
"observed-data--594a5eae-ce9c-48b3-a057-44ef950d210f",
|
|
"network-traffic--594a5eae-ce9c-48b3-a057-44ef950d210f",
|
|
"ipv4-addr--594a5eae-ce9c-48b3-a057-44ef950d210f",
|
|
"observed-data--594a5eae-1188-4cd9-ab58-4207950d210f",
|
|
"network-traffic--594a5eae-1188-4cd9-ab58-4207950d210f",
|
|
"ipv4-addr--594a5eae-1188-4cd9-ab58-4207950d210f",
|
|
"observed-data--594a5eae-c0a0-487b-a252-4d8c950d210f",
|
|
"network-traffic--594a5eae-c0a0-487b-a252-4d8c950d210f",
|
|
"ipv4-addr--594a5eae-c0a0-487b-a252-4d8c950d210f",
|
|
"observed-data--594a5eaf-c1b4-40f8-af73-47ef950d210f",
|
|
"network-traffic--594a5eaf-c1b4-40f8-af73-47ef950d210f",
|
|
"ipv4-addr--594a5eaf-c1b4-40f8-af73-47ef950d210f",
|
|
"observed-data--594a5eaf-5a4c-47c3-a3c3-46fe950d210f",
|
|
"network-traffic--594a5eaf-5a4c-47c3-a3c3-46fe950d210f",
|
|
"ipv4-addr--594a5eaf-5a4c-47c3-a3c3-46fe950d210f",
|
|
"observed-data--594a5eaf-c7b8-4ad7-a100-4724950d210f",
|
|
"network-traffic--594a5eaf-c7b8-4ad7-a100-4724950d210f",
|
|
"ipv4-addr--594a5eaf-c7b8-4ad7-a100-4724950d210f",
|
|
"observed-data--594a5eaf-ea24-4963-af5c-498c950d210f",
|
|
"network-traffic--594a5eaf-ea24-4963-af5c-498c950d210f",
|
|
"ipv4-addr--594a5eaf-ea24-4963-af5c-498c950d210f",
|
|
"observed-data--594a5eb0-dd20-44b5-9ac2-4b0f950d210f",
|
|
"network-traffic--594a5eb0-dd20-44b5-9ac2-4b0f950d210f",
|
|
"ipv4-addr--594a5eb0-dd20-44b5-9ac2-4b0f950d210f",
|
|
"observed-data--594a5eb0-b360-459b-a4eb-4765950d210f",
|
|
"network-traffic--594a5eb0-b360-459b-a4eb-4765950d210f",
|
|
"ipv4-addr--594a5eb0-b360-459b-a4eb-4765950d210f",
|
|
"observed-data--594a5eb0-273c-4e88-963c-46f4950d210f",
|
|
"network-traffic--594a5eb0-273c-4e88-963c-46f4950d210f",
|
|
"ipv4-addr--594a5eb0-273c-4e88-963c-46f4950d210f",
|
|
"observed-data--594a5eb1-6a88-47ef-aafb-4ff9950d210f",
|
|
"network-traffic--594a5eb1-6a88-47ef-aafb-4ff9950d210f",
|
|
"ipv4-addr--594a5eb1-6a88-47ef-aafb-4ff9950d210f",
|
|
"observed-data--594a5eb1-0018-4081-8b96-4c2d950d210f",
|
|
"network-traffic--594a5eb1-0018-4081-8b96-4c2d950d210f",
|
|
"ipv4-addr--594a5eb1-0018-4081-8b96-4c2d950d210f",
|
|
"observed-data--594a5eb1-1d90-4dcb-a7ff-4e65950d210f",
|
|
"network-traffic--594a5eb1-1d90-4dcb-a7ff-4e65950d210f",
|
|
"ipv4-addr--594a5eb1-1d90-4dcb-a7ff-4e65950d210f",
|
|
"observed-data--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f",
|
|
"network-traffic--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f",
|
|
"ipv4-addr--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f",
|
|
"observed-data--594a5eb2-1380-49fa-9c8d-4ea1950d210f",
|
|
"network-traffic--594a5eb2-1380-49fa-9c8d-4ea1950d210f",
|
|
"ipv4-addr--594a5eb2-1380-49fa-9c8d-4ea1950d210f",
|
|
"observed-data--594a5eb2-e948-426d-914f-48a7950d210f",
|
|
"network-traffic--594a5eb2-e948-426d-914f-48a7950d210f",
|
|
"ipv4-addr--594a5eb2-e948-426d-914f-48a7950d210f",
|
|
"observed-data--594a5eb3-205c-4fe7-9350-4329950d210f",
|
|
"network-traffic--594a5eb3-205c-4fe7-9350-4329950d210f",
|
|
"ipv4-addr--594a5eb3-205c-4fe7-9350-4329950d210f",
|
|
"observed-data--594a5eb3-3028-4bee-8278-48f6950d210f",
|
|
"network-traffic--594a5eb3-3028-4bee-8278-48f6950d210f",
|
|
"ipv4-addr--594a5eb3-3028-4bee-8278-48f6950d210f",
|
|
"observed-data--594a5eb3-3680-4402-80f4-4e7a950d210f",
|
|
"network-traffic--594a5eb3-3680-4402-80f4-4e7a950d210f",
|
|
"ipv4-addr--594a5eb3-3680-4402-80f4-4e7a950d210f",
|
|
"observed-data--594a5eb3-6688-4f26-b6bb-422b950d210f",
|
|
"network-traffic--594a5eb3-6688-4f26-b6bb-422b950d210f",
|
|
"ipv4-addr--594a5eb3-6688-4f26-b6bb-422b950d210f",
|
|
"observed-data--594a5eb4-bf98-4510-9534-4174950d210f",
|
|
"network-traffic--594a5eb4-bf98-4510-9534-4174950d210f",
|
|
"ipv4-addr--594a5eb4-bf98-4510-9534-4174950d210f",
|
|
"observed-data--594a5eb4-628c-472c-bba9-4a37950d210f",
|
|
"network-traffic--594a5eb4-628c-472c-bba9-4a37950d210f",
|
|
"ipv4-addr--594a5eb4-628c-472c-bba9-4a37950d210f",
|
|
"observed-data--594a5eb4-ed64-4fc4-b92a-4717950d210f",
|
|
"network-traffic--594a5eb4-ed64-4fc4-b92a-4717950d210f",
|
|
"ipv4-addr--594a5eb4-ed64-4fc4-b92a-4717950d210f",
|
|
"observed-data--594a5eb4-9508-41c6-af4f-4c0d950d210f",
|
|
"network-traffic--594a5eb4-9508-41c6-af4f-4c0d950d210f",
|
|
"ipv4-addr--594a5eb4-9508-41c6-af4f-4c0d950d210f",
|
|
"observed-data--594a5eb5-6070-4fbd-92ac-4568950d210f",
|
|
"network-traffic--594a5eb5-6070-4fbd-92ac-4568950d210f",
|
|
"ipv4-addr--594a5eb5-6070-4fbd-92ac-4568950d210f",
|
|
"indicator--594a6a72-c130-4b84-8f61-232602de0b81",
|
|
"observed-data--594a6a72-8870-436c-970a-232602de0b81",
|
|
"url--594a6a72-8870-436c-970a-232602de0b81",
|
|
"indicator--594a6a72-be60-4198-b63e-232602de0b81",
|
|
"observed-data--594a6a72-1ddc-4502-a70a-232602de0b81",
|
|
"url--594a6a72-1ddc-4502-a70a-232602de0b81",
|
|
"indicator--594a6a72-af58-4072-acd5-232602de0b81",
|
|
"indicator--594a6a72-4d78-47d3-8ed1-232602de0b81",
|
|
"observed-data--594a6a72-3a5c-4362-8452-232602de0b81",
|
|
"url--594a6a72-3a5c-4362-8452-232602de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:tool=\"Trick Bot\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e89-ea28-48de-84e5-4329950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '47b102e4de419f18ce1d83dd63c866b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e8a-fa78-4fb5-9d80-4acf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '78351980d47d75e5647ad25a7d7beb7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e8a-c738-4b7a-bc58-4b07950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b02fb0a9200ff844a74f71a586464875']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e8a-772c-4004-bc39-431e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '15020686b2805795c82a56f7d0ccaea5e4b938f25c0e0fa8781d80afc03ef1fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e8a-4260-4332-a457-4863950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '36b83f1df7c918efcde6ec5a895b4b53ec0307b1b8603a5ba3a3ab63ab7c2265']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e8b-4674-4cff-9e35-4cbe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://1time.nl/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e8b-0b78-40cc-b78f-42b0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = '1time.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e8b-5c64-45bb-85cb-482a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e8b-5c64-45bb-85cb-482a950d210f",
|
|
"ipv4-addr--594a5e8b-5c64-45bb-85cb-482a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e8b-5c64-45bb-85cb-482a950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e8b-5c64-45bb-85cb-482a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e8b-5c64-45bb-85cb-482a950d210f",
|
|
"value": "213.247.45.147"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e8c-f89c-4619-a03a-4805950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://78tguyc876wwirglmltm.net/af/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e8c-ad9c-414c-b8a0-4dc0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = '78tguyc876wwirglmltm.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e94-53c8-4e7c-aace-4ace950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e94-53c8-4e7c-aace-4ace950d210f",
|
|
"ipv4-addr--594a5e94-53c8-4e7c-aace-4ace950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e94-53c8-4e7c-aace-4ace950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e94-53c8-4e7c-aace-4ace950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e94-53c8-4e7c-aace-4ace950d210f",
|
|
"value": "119.28.86.18"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e94-51c8-4869-998f-4da6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://adityastudio.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e94-7c40-4af1-ac63-4077950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'adityastudio.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e95-5b78-46b3-926d-421a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e95-5b78-46b3-926d-421a950d210f",
|
|
"ipv4-addr--594a5e95-5b78-46b3-926d-421a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e95-5b78-46b3-926d-421a950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e95-5b78-46b3-926d-421a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e95-5b78-46b3-926d-421a950d210f",
|
|
"value": "204.11.59.195"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e95-4b58-48de-a32c-4faf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://aquareserve.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e95-6270-43da-8f71-40dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'aquareserve.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e95-1f74-4940-a3dc-40cf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e95-1f74-4940-a3dc-40cf950d210f",
|
|
"ipv4-addr--594a5e95-1f74-4940-a3dc-40cf950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e95-1f74-4940-a3dc-40cf950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e95-1f74-4940-a3dc-40cf950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e95-1f74-4940-a3dc-40cf950d210f",
|
|
"value": "199.79.62.21"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e96-0294-48b3-b758-42a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://asathlon.it/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e96-d600-4810-975e-4136950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'asathlon.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e96-afe8-4496-b1dd-485b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e96-afe8-4496-b1dd-485b950d210f",
|
|
"ipv4-addr--594a5e96-afe8-4496-b1dd-485b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e96-afe8-4496-b1dd-485b950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e96-afe8-4496-b1dd-485b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e96-afe8-4496-b1dd-485b950d210f",
|
|
"value": "151.1.182.11"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e96-bce0-47d4-ba7f-4e67950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://autobluelite.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e96-eb2c-44e0-ba61-44f2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'autobluelite.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e97-aea8-48b4-8f29-44d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e97-aea8-48b4-8f29-44d8950d210f",
|
|
"ipv4-addr--594a5e97-aea8-48b4-8f29-44d8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e97-aea8-48b4-8f29-44d8950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e97-aea8-48b4-8f29-44d8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e97-aea8-48b4-8f29-44d8950d210f",
|
|
"value": "37.187.85.228"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e97-3218-452a-b674-42dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://chobiring.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e97-5be8-4892-a7b3-4b8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'chobiring.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e98-5e30-41c7-8efd-4514950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e98-5e30-41c7-8efd-4514950d210f",
|
|
"ipv4-addr--594a5e98-5e30-41c7-8efd-4514950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e98-5e30-41c7-8efd-4514950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e98-5e30-41c7-8efd-4514950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e98-5e30-41c7-8efd-4514950d210f",
|
|
"value": "219.118.71.139"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e98-f378-4720-8c1b-4a2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://chocolatesbazaar.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e98-5624-4a50-ba46-43b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'chocolatesbazaar.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e99-0b50-4e61-9382-4324950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e99-0b50-4e61-9382-4324950d210f",
|
|
"ipv4-addr--594a5e99-0b50-4e61-9382-4324950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e99-0b50-4e61-9382-4324950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e99-0b50-4e61-9382-4324950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e99-0b50-4e61-9382-4324950d210f",
|
|
"value": "103.195.185.86"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e99-7ec4-46a3-ac86-4314950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://code-igniter.ro/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e99-734c-4fb2-91b9-4039950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'code-igniter.ro']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e99-5fd8-4274-a593-4129950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e99-5fd8-4274-a593-4129950d210f",
|
|
"ipv4-addr--594a5e99-5fd8-4274-a593-4129950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e99-5fd8-4274-a593-4129950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e99-5fd8-4274-a593-4129950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e99-5fd8-4274-a593-4129950d210f",
|
|
"value": "188.166.5.34"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9a-014c-4b11-8e2c-4e7e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://dansstudio-arabesque.be/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9a-1830-40c1-8723-4cf1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'dansstudio-arabesque.be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e9a-2cf8-423f-a1c8-4d65950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e9a-2cf8-423f-a1c8-4d65950d210f",
|
|
"ipv4-addr--594a5e9a-2cf8-423f-a1c8-4d65950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e9a-2cf8-423f-a1c8-4d65950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e9a-2cf8-423f-a1c8-4d65950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e9a-2cf8-423f-a1c8-4d65950d210f",
|
|
"value": "188.165.245.131"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9a-7afc-4d05-aa45-4258950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://drzewina.pl/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9b-9e08-4990-b29d-40cf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'drzewina.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e9b-ccbc-4e7b-8444-41c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e9b-ccbc-4e7b-8444-41c5950d210f",
|
|
"ipv4-addr--594a5e9b-ccbc-4e7b-8444-41c5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e9b-ccbc-4e7b-8444-41c5950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e9b-ccbc-4e7b-8444-41c5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e9b-ccbc-4e7b-8444-41c5950d210f",
|
|
"value": "79.96.81.157"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9b-900c-4ec3-bec3-44ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://europegym.be/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9b-7b64-4fa5-bf6d-487e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'europegym.be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e9b-02a4-4323-b5df-4962950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e9b-02a4-4323-b5df-4962950d210f",
|
|
"ipv4-addr--594a5e9b-02a4-4323-b5df-4962950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e9b-02a4-4323-b5df-4962950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e9b-02a4-4323-b5df-4962950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e9b-02a4-4323-b5df-4962950d210f",
|
|
"value": "46.30.215.23"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9c-ebf4-4f01-8bef-4b7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://giftskitchen.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9c-f204-4b10-b6de-4b66950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'giftskitchen.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e9c-b0c4-4a31-b169-4986950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e9c-b0c4-4a31-b169-4986950d210f",
|
|
"ipv4-addr--594a5e9c-b0c4-4a31-b169-4986950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e9c-b0c4-4a31-b169-4986950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e9c-b0c4-4a31-b169-4986950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e9c-b0c4-4a31-b169-4986950d210f",
|
|
"value": "204.11.58.195"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9d-f6b0-4d71-8fee-40f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://lightenenglish.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9d-57c8-4bc7-9502-404e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'lightenenglish.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e9d-d3e4-48e9-8eaa-41a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e9d-d3e4-48e9-8eaa-41a4950d210f",
|
|
"ipv4-addr--594a5e9d-d3e4-48e9-8eaa-41a4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e9d-d3e4-48e9-8eaa-41a4950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e9d-d3e4-48e9-8eaa-41a4950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e9d-d3e4-48e9-8eaa-41a4950d210f",
|
|
"value": "122.114.137.245"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9d-754c-463b-8eae-4fd8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://liukeli.cn/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9e-8124-4848-a9fe-44d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'liukeli.cn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e9e-c3ec-4ee5-a265-441a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e9e-c3ec-4ee5-a265-441a950d210f",
|
|
"ipv4-addr--594a5e9e-c3ec-4ee5-a265-441a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e9e-c3ec-4ee5-a265-441a950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e9e-c3ec-4ee5-a265-441a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e9e-c3ec-4ee5-a265-441a950d210f",
|
|
"value": "124.248.226.106"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9e-5f64-40f4-8505-4357950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://malamalamak9.net/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9f-cf84-45d6-b55e-4480950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'malamalamak9.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5e9f-77c8-44be-99d6-4920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5e9f-77c8-44be-99d6-4920950d210f",
|
|
"ipv4-addr--594a5e9f-77c8-44be-99d6-4920950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5e9f-77c8-44be-99d6-4920950d210f",
|
|
"dst_ref": "ipv4-addr--594a5e9f-77c8-44be-99d6-4920950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5e9f-77c8-44be-99d6-4920950d210f",
|
|
"value": "74.122.121.8"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9f-9cb0-4f2a-9bcf-4bc5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://marketing-online.ie/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5e9f-c574-4fd7-979e-4135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'marketing-online.ie']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea0-22d8-4a9a-878d-4230950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea0-22d8-4a9a-878d-4230950d210f",
|
|
"ipv4-addr--594a5ea0-22d8-4a9a-878d-4230950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea0-22d8-4a9a-878d-4230950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea0-22d8-4a9a-878d-4230950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea0-22d8-4a9a-878d-4230950d210f",
|
|
"value": "91.210.235.115"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea0-dca0-480e-841b-4e42950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://melakatropical.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea0-52e4-4491-a15b-485a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'melakatropical.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea1-5800-4475-a167-4703950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea1-5800-4475-a167-4703950d210f",
|
|
"ipv4-addr--594a5ea1-5800-4475-a167-4703950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea1-5800-4475-a167-4703950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea1-5800-4475-a167-4703950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea1-5800-4475-a167-4703950d210f",
|
|
"value": "113.23.219.24"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea1-1fec-43b7-b101-48be950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://partyangel.in/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea1-7190-4af0-9814-45da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'partyangel.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea1-e780-4fd3-8f8e-446b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea1-e780-4fd3-8f8e-446b950d210f",
|
|
"ipv4-addr--594a5ea1-e780-4fd3-8f8e-446b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea1-e780-4fd3-8f8e-446b950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea1-e780-4fd3-8f8e-446b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea1-e780-4fd3-8f8e-446b950d210f",
|
|
"value": "103.50.162.56"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea2-c558-4208-a9be-4235950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://rakwhitecement.ae/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea2-aef4-4ba4-9d14-41b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'rakwhitecement.ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea2-c700-4635-b1ae-4afa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea2-c700-4635-b1ae-4afa950d210f",
|
|
"ipv4-addr--594a5ea2-c700-4635-b1ae-4afa950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea2-c700-4635-b1ae-4afa950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea2-c700-4635-b1ae-4afa950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea2-c700-4635-b1ae-4afa950d210f",
|
|
"value": "69.65.3.213"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea2-2f00-4067-872c-4418950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://randomessstioprottoy.net/af/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea3-4bdc-4c75-9d23-4c70950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'randomessstioprottoy.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea4-45a4-4045-b247-4257950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://shreveporttradingantiques.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea4-1508-4b69-bcc3-4235950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'shreveporttradingantiques.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea5-4358-4357-8295-4caf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea5-4358-4357-8295-4caf950d210f",
|
|
"ipv4-addr--594a5ea5-4358-4357-8295-4caf950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea5-4358-4357-8295-4caf950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea5-4358-4357-8295-4caf950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea5-4358-4357-8295-4caf950d210f",
|
|
"value": "74.220.215.225"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea5-298c-412c-97e1-4c44950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://smco.co.in/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea5-9738-4cfb-b6e9-4e4c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'smco.co.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea6-88e8-4213-b48f-43a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea6-88e8-4213-b48f-43a3950d210f",
|
|
"ipv4-addr--594a5ea6-88e8-4213-b48f-43a3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea6-88e8-4213-b48f-43a3950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea6-88e8-4213-b48f-43a3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea6-88e8-4213-b48f-43a3950d210f",
|
|
"value": "108.174.147.136"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea6-e6d8-47bf-985c-46b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://tag27.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea6-9310-4cf8-828d-4535950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'tag27.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea7-2904-4f3a-bf75-49f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea7-2904-4f3a-bf75-49f0950d210f",
|
|
"ipv4-addr--594a5ea7-2904-4f3a-bf75-49f0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea7-2904-4f3a-bf75-49f0950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea7-2904-4f3a-bf75-49f0950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea7-2904-4f3a-bf75-49f0950d210f",
|
|
"value": "162.210.102.220"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea7-cc98-47a4-9320-4553950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://techno-me.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea7-996c-4bb6-8f8f-49de950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'techno-me.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea7-fa30-4e1a-9000-4600950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea7-fa30-4e1a-9000-4600950d210f",
|
|
"ipv4-addr--594a5ea7-fa30-4e1a-9000-4600950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea7-fa30-4e1a-9000-4600950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea7-fa30-4e1a-9000-4600950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea7-fa30-4e1a-9000-4600950d210f",
|
|
"value": "99.198.112.66"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea8-3fb0-43e9-942d-4fd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://telesuonoband.it/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea8-65d4-4376-8a45-42e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'telesuonoband.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea8-c37c-46a4-9b3c-44c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea8-c37c-46a4-9b3c-44c0950d210f",
|
|
"ipv4-addr--594a5ea8-c37c-46a4-9b3c-44c0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea8-c37c-46a4-9b3c-44c0950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea8-c37c-46a4-9b3c-44c0950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea8-c37c-46a4-9b3c-44c0950d210f",
|
|
"value": "195.110.124.188"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea8-09f0-4d3f-935e-4a65950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://unitedtanga.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea8-9c00-41a9-865f-4153950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'unitedtanga.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea9-f640-4ea3-b14c-4e94950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea9-f640-4ea3-b14c-4e94950d210f",
|
|
"ipv4-addr--594a5ea9-f640-4ea3-b14c-4e94950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea9-f640-4ea3-b14c-4e94950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea9-f640-4ea3-b14c-4e94950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea9-f640-4ea3-b14c-4e94950d210f",
|
|
"value": "98.124.251.68"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea9-2204-49d5-9c57-4f2e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://uplandtrains.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5ea9-142c-4cbb-9bc9-4263950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'uplandtrains.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5ea9-8d98-4a35-be91-4741950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5ea9-8d98-4a35-be91-4741950d210f",
|
|
"ipv4-addr--594a5ea9-8d98-4a35-be91-4741950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5ea9-8d98-4a35-be91-4741950d210f",
|
|
"dst_ref": "ipv4-addr--594a5ea9-8d98-4a35-be91-4741950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5ea9-8d98-4a35-be91-4741950d210f",
|
|
"value": "66.147.244.160"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5eaa-27a4-47c8-86cd-4dbb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://veecans.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5eaa-3698-4eb6-afb5-4c1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'veecans.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eaa-7264-4c4e-84fb-474a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eaa-7264-4c4e-84fb-474a950d210f",
|
|
"ipv4-addr--594a5eaa-7264-4c4e-84fb-474a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eaa-7264-4c4e-84fb-474a950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eaa-7264-4c4e-84fb-474a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eaa-7264-4c4e-84fb-474a950d210f",
|
|
"value": "203.195.235.254"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5eaa-cfa0-453e-8d90-419d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://www.losangelesrelocationservices.net/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5eaa-b9ac-4e0c-9c1e-4b65950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'www.losangelesrelocationservices.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eab-8354-4851-bbda-4e2c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eab-8354-4851-bbda-4e2c950d210f",
|
|
"ipv4-addr--594a5eab-8354-4851-bbda-4e2c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eab-8354-4851-bbda-4e2c950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eab-8354-4851-bbda-4e2c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eab-8354-4851-bbda-4e2c950d210f",
|
|
"value": "67.55.90.212"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5eab-c67c-4edf-9dcc-4e8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://www.manhattanbeachmovers.net/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5eab-415c-4fc9-bebf-4dc7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'www.manhattanbeachmovers.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5eab-410c-45de-a569-4f2e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[url:value = 'http://xn----8sb4abph0af.com/08345ug']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a5eac-2c9c-4ad0-95ca-42d4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"pattern": "[domain-name:value = 'xn----8sb4abph0af.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eac-2aa4-4c3a-bb26-4377950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eac-2aa4-4c3a-bb26-4377950d210f",
|
|
"ipv4-addr--594a5eac-2aa4-4c3a-bb26-4377950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eac-2aa4-4c3a-bb26-4377950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eac-2aa4-4c3a-bb26-4377950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eac-2aa4-4c3a-bb26-4377950d210f",
|
|
"value": "51.255.157.19"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eac-3e1c-49ee-98d7-4dea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--594a5eac-3e1c-49ee-98d7-4dea950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--594a5eac-3e1c-49ee-98d7-4dea950d210f",
|
|
"value": "https://www.hybrid-analysis.com/sample/15020686b2805795c82a56f7d0ccaea5e4b938f25c0e0fa8781d80afc03ef1fa?environmentId=100"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eac-da8c-420d-a7c1-4348950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--594a5eac-da8c-420d-a7c1-4348950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--594a5eac-da8c-420d-a7c1-4348950d210f",
|
|
"value": "https://virustotal.com/en/file/15020686b2805795c82a56f7d0ccaea5e4b938f25c0e0fa8781d80afc03ef1fa/analysis/1498033877/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eae-50c0-4282-b409-42a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--594a5eae-50c0-4282-b409-42a1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--594a5eae-50c0-4282-b409-42a1950d210f",
|
|
"value": "https://www.hybrid-analysis.com/sample/36b83f1df7c918efcde6ec5a895b4b53ec0307b1b8603a5ba3a3ab63ab7c2265?environmentId=100"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eae-ce9c-48b3-a057-44ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eae-ce9c-48b3-a057-44ef950d210f",
|
|
"ipv4-addr--594a5eae-ce9c-48b3-a057-44ef950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eae-ce9c-48b3-a057-44ef950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eae-ce9c-48b3-a057-44ef950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eae-ce9c-48b3-a057-44ef950d210f",
|
|
"value": "94.140.121.173"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eae-1188-4cd9-ab58-4207950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eae-1188-4cd9-ab58-4207950d210f",
|
|
"ipv4-addr--594a5eae-1188-4cd9-ab58-4207950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eae-1188-4cd9-ab58-4207950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eae-1188-4cd9-ab58-4207950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eae-1188-4cd9-ab58-4207950d210f",
|
|
"value": "151.80.84.2"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eae-c0a0-487b-a252-4d8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eae-c0a0-487b-a252-4d8c950d210f",
|
|
"ipv4-addr--594a5eae-c0a0-487b-a252-4d8c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eae-c0a0-487b-a252-4d8c950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eae-c0a0-487b-a252-4d8c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eae-c0a0-487b-a252-4d8c950d210f",
|
|
"value": "194.87.238.129"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eaf-c1b4-40f8-af73-47ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eaf-c1b4-40f8-af73-47ef950d210f",
|
|
"ipv4-addr--594a5eaf-c1b4-40f8-af73-47ef950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eaf-c1b4-40f8-af73-47ef950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eaf-c1b4-40f8-af73-47ef950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eaf-c1b4-40f8-af73-47ef950d210f",
|
|
"value": "151.80.84.12"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eaf-5a4c-47c3-a3c3-46fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eaf-5a4c-47c3-a3c3-46fe950d210f",
|
|
"ipv4-addr--594a5eaf-5a4c-47c3-a3c3-46fe950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eaf-5a4c-47c3-a3c3-46fe950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eaf-5a4c-47c3-a3c3-46fe950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eaf-5a4c-47c3-a3c3-46fe950d210f",
|
|
"value": "195.133.145.144"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eaf-c7b8-4ad7-a100-4724950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eaf-c7b8-4ad7-a100-4724950d210f",
|
|
"ipv4-addr--594a5eaf-c7b8-4ad7-a100-4724950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eaf-c7b8-4ad7-a100-4724950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eaf-c7b8-4ad7-a100-4724950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eaf-c7b8-4ad7-a100-4724950d210f",
|
|
"value": "37.1.207.174"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eaf-ea24-4963-af5c-498c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eaf-ea24-4963-af5c-498c950d210f",
|
|
"ipv4-addr--594a5eaf-ea24-4963-af5c-498c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eaf-ea24-4963-af5c-498c950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eaf-ea24-4963-af5c-498c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eaf-ea24-4963-af5c-498c950d210f",
|
|
"value": "195.62.52.100"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb0-dd20-44b5-9ac2-4b0f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb0-dd20-44b5-9ac2-4b0f950d210f",
|
|
"ipv4-addr--594a5eb0-dd20-44b5-9ac2-4b0f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb0-dd20-44b5-9ac2-4b0f950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb0-dd20-44b5-9ac2-4b0f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb0-dd20-44b5-9ac2-4b0f950d210f",
|
|
"value": "94.140.121.174"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb0-b360-459b-a4eb-4765950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb0-b360-459b-a4eb-4765950d210f",
|
|
"ipv4-addr--594a5eb0-b360-459b-a4eb-4765950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb0-b360-459b-a4eb-4765950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb0-b360-459b-a4eb-4765950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb0-b360-459b-a4eb-4765950d210f",
|
|
"value": "195.133.146.136"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb0-273c-4e88-963c-46f4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb0-273c-4e88-963c-46f4950d210f",
|
|
"ipv4-addr--594a5eb0-273c-4e88-963c-46f4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb0-273c-4e88-963c-46f4950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb0-273c-4e88-963c-46f4950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb0-273c-4e88-963c-46f4950d210f",
|
|
"value": "193.0.140.177"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb1-6a88-47ef-aafb-4ff9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb1-6a88-47ef-aafb-4ff9950d210f",
|
|
"ipv4-addr--594a5eb1-6a88-47ef-aafb-4ff9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb1-6a88-47ef-aafb-4ff9950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb1-6a88-47ef-aafb-4ff9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb1-6a88-47ef-aafb-4ff9950d210f",
|
|
"value": "89.231.13.18"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb1-0018-4081-8b96-4c2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb1-0018-4081-8b96-4c2d950d210f",
|
|
"ipv4-addr--594a5eb1-0018-4081-8b96-4c2d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb1-0018-4081-8b96-4c2d950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb1-0018-4081-8b96-4c2d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb1-0018-4081-8b96-4c2d950d210f",
|
|
"value": "89.231.13.27"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb1-1d90-4dcb-a7ff-4e65950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb1-1d90-4dcb-a7ff-4e65950d210f",
|
|
"ipv4-addr--594a5eb1-1d90-4dcb-a7ff-4e65950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb1-1d90-4dcb-a7ff-4e65950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb1-1d90-4dcb-a7ff-4e65950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb1-1d90-4dcb-a7ff-4e65950d210f",
|
|
"value": "89.231.13.33"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f",
|
|
"ipv4-addr--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb2-5ea0-4e9b-b1e4-4ee8950d210f",
|
|
"value": "190.228.169.106"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb2-1380-49fa-9c8d-4ea1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb2-1380-49fa-9c8d-4ea1950d210f",
|
|
"ipv4-addr--594a5eb2-1380-49fa-9c8d-4ea1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb2-1380-49fa-9c8d-4ea1950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb2-1380-49fa-9c8d-4ea1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb2-1380-49fa-9c8d-4ea1950d210f",
|
|
"value": "168.194.80.219"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb2-e948-426d-914f-48a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb2-e948-426d-914f-48a7950d210f",
|
|
"ipv4-addr--594a5eb2-e948-426d-914f-48a7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb2-e948-426d-914f-48a7950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb2-e948-426d-914f-48a7950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb2-e948-426d-914f-48a7950d210f",
|
|
"value": "94.42.91.27"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb3-205c-4fe7-9350-4329950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb3-205c-4fe7-9350-4329950d210f",
|
|
"ipv4-addr--594a5eb3-205c-4fe7-9350-4329950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb3-205c-4fe7-9350-4329950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb3-205c-4fe7-9350-4329950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb3-205c-4fe7-9350-4329950d210f",
|
|
"value": "118.91.178.121"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb3-3028-4bee-8278-48f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb3-3028-4bee-8278-48f6950d210f",
|
|
"ipv4-addr--594a5eb3-3028-4bee-8278-48f6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb3-3028-4bee-8278-48f6950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb3-3028-4bee-8278-48f6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb3-3028-4bee-8278-48f6950d210f",
|
|
"value": "118.91.178.114"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb3-3680-4402-80f4-4e7a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb3-3680-4402-80f4-4e7a950d210f",
|
|
"ipv4-addr--594a5eb3-3680-4402-80f4-4e7a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb3-3680-4402-80f4-4e7a950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb3-3680-4402-80f4-4e7a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb3-3680-4402-80f4-4e7a950d210f",
|
|
"value": "186.103.161.204"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb3-6688-4f26-b6bb-422b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb3-6688-4f26-b6bb-422b950d210f",
|
|
"ipv4-addr--594a5eb3-6688-4f26-b6bb-422b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb3-6688-4f26-b6bb-422b950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb3-6688-4f26-b6bb-422b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb3-6688-4f26-b6bb-422b950d210f",
|
|
"value": "163.53.206.187"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb4-bf98-4510-9534-4174950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb4-bf98-4510-9534-4174950d210f",
|
|
"ipv4-addr--594a5eb4-bf98-4510-9534-4174950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb4-bf98-4510-9534-4174950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb4-bf98-4510-9534-4174950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb4-bf98-4510-9534-4174950d210f",
|
|
"value": "159.224.26.79"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb4-628c-472c-bba9-4a37950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb4-628c-472c-bba9-4a37950d210f",
|
|
"ipv4-addr--594a5eb4-628c-472c-bba9-4a37950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb4-628c-472c-bba9-4a37950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb4-628c-472c-bba9-4a37950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb4-628c-472c-bba9-4a37950d210f",
|
|
"value": "188.117.92.134"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb4-ed64-4fc4-b92a-4717950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb4-ed64-4fc4-b92a-4717950d210f",
|
|
"ipv4-addr--594a5eb4-ed64-4fc4-b92a-4717950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb4-ed64-4fc4-b92a-4717950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb4-ed64-4fc4-b92a-4717950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb4-ed64-4fc4-b92a-4717950d210f",
|
|
"value": "46.160.165.16"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb4-9508-41c6-af4f-4c0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb4-9508-41c6-af4f-4c0d950d210f",
|
|
"ipv4-addr--594a5eb4-9508-41c6-af4f-4c0d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb4-9508-41c6-af4f-4c0d950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb4-9508-41c6-af4f-4c0d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb4-9508-41c6-af4f-4c0d950d210f",
|
|
"value": "191.7.30.30"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a5eb5-6070-4fbd-92ac-4568950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:35.000Z",
|
|
"modified": "2017-06-21T12:45:35.000Z",
|
|
"first_observed": "2017-06-21T12:45:35Z",
|
|
"last_observed": "2017-06-21T12:45:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594a5eb5-6070-4fbd-92ac-4568950d210f",
|
|
"ipv4-addr--594a5eb5-6070-4fbd-92ac-4568950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594a5eb5-6070-4fbd-92ac-4568950d210f",
|
|
"dst_ref": "ipv4-addr--594a5eb5-6070-4fbd-92ac-4568950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594a5eb5-6070-4fbd-92ac-4568950d210f",
|
|
"value": "168.194.83.57"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a6a72-c130-4b84-8f61-232602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:38.000Z",
|
|
"modified": "2017-06-21T12:45:38.000Z",
|
|
"description": "- Cross-checked via VirusTotal (VT): 36b83f1df7c918efcde6ec5a895b4b53ec0307b1b8603a5ba3a3ab63ab7c2265",
|
|
"pattern": "[file:hashes.SHA1 = '772c60e4a170ade72a6617cf51485ae1130426cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a6a72-8870-436c-970a-232602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:38.000Z",
|
|
"modified": "2017-06-21T12:45:38.000Z",
|
|
"first_observed": "2017-06-21T12:45:38Z",
|
|
"last_observed": "2017-06-21T12:45:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--594a6a72-8870-436c-970a-232602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--594a6a72-8870-436c-970a-232602de0b81",
|
|
"value": "https://www.virustotal.com/file/36b83f1df7c918efcde6ec5a895b4b53ec0307b1b8603a5ba3a3ab63ab7c2265/analysis/1498048579/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a6a72-be60-4198-b63e-232602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:38.000Z",
|
|
"modified": "2017-06-21T12:45:38.000Z",
|
|
"description": "- Cross-checked via VirusTotal (VT): 15020686b2805795c82a56f7d0ccaea5e4b938f25c0e0fa8781d80afc03ef1fa",
|
|
"pattern": "[file:hashes.SHA1 = 'a3cd9268e9da6bb0163f6fcce4a81b420384d632']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a6a72-1ddc-4502-a70a-232602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:38.000Z",
|
|
"modified": "2017-06-21T12:45:38.000Z",
|
|
"first_observed": "2017-06-21T12:45:38Z",
|
|
"last_observed": "2017-06-21T12:45:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--594a6a72-1ddc-4502-a70a-232602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--594a6a72-1ddc-4502-a70a-232602de0b81",
|
|
"value": "https://www.virustotal.com/file/15020686b2805795c82a56f7d0ccaea5e4b938f25c0e0fa8781d80afc03ef1fa/analysis/1498048584/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a6a72-af58-4072-acd5-232602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:38.000Z",
|
|
"modified": "2017-06-21T12:45:38.000Z",
|
|
"description": "- Cross-checked via VirusTotal (VT): 47b102e4de419f18ce1d83dd63c866b8",
|
|
"pattern": "[file:hashes.SHA256 = '094c1cf7c9bcc16254b3f04794d401c611123270db493f74154b41c59feb0b81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594a6a72-4d78-47d3-8ed1-232602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:38.000Z",
|
|
"modified": "2017-06-21T12:45:38.000Z",
|
|
"description": "- Cross-checked via VirusTotal (VT): 47b102e4de419f18ce1d83dd63c866b8",
|
|
"pattern": "[file:hashes.SHA1 = '1fa22fafdb102e5eb17549a99aec6b405c48dfe9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-21T12:45:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594a6a72-3a5c-4362-8452-232602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-21T12:45:38.000Z",
|
|
"modified": "2017-06-21T12:45:38.000Z",
|
|
"first_observed": "2017-06-21T12:45:38Z",
|
|
"last_observed": "2017-06-21T12:45:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--594a6a72-3a5c-4362-8452-232602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--594a6a72-3a5c-4362-8452-232602de0b81",
|
|
"value": "https://www.virustotal.com/file/094c1cf7c9bcc16254b3f04794d401c611123270db493f74154b41c59feb0b81/analysis/1498042597/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |