{
"type": "bundle",
"id": "bundle--5a3bc375-9994-4da9-81c8-4ae4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T09:00:02.000Z",
"modified": "2017-12-22T09:00:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a3bc375-9994-4da9-81c8-4ae4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T09:00:02.000Z",
"modified": "2017-12-22T09:00:02.000Z",
"name": "M2M - GlobeImposter \"..doc\" 2017-12-21 : \"Emailing:\n IMG_20171221...\" - \"IMG_20171221_123456789.7z\"",
"context": "suspicious-activity",
"object_refs": [
"indicator--5a3bc375-de0c-47ae-af32-45c5950d210f",
"indicator--5a3bc376-5f9c-4992-a153-4c05950d210f",
"indicator--5a3bc378-8954-4209-bea4-4011950d210f",
"indicator--5a3bc379-ac38-4cbf-9304-45d1950d210f",
"observed-data--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"indicator--5a3bc37b-c260-420e-9178-4b9b950d210f",
"indicator--5a3bc37c-9f38-46de-a8de-4713950d210f",
"observed-data--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"indicator--5a3bc37e-54c0-4d7d-a89f-4089950d210f",
"indicator--5a3bc37f-ea88-4ab1-8811-4af1950d210f",
"observed-data--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"indicator--5a3bc381-5220-4b01-b9b9-4043950d210f",
"indicator--5a3bc382-2fd4-4d3e-a16c-4061950d210f",
"observed-data--5a3bc384-4eb4-46f4-97df-4023950d210f",
"network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f",
"ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f",
"indicator--5a3bc385-6590-4606-9803-4a12950d210f",
"indicator--5a3bc386-7418-4367-b4ff-455d950d210f",
"observed-data--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"indicator--5a3bc388-c17c-4ba3-a574-4365950d210f",
"indicator--5a3bc389-80a8-4af8-9ed5-4efd950d210f",
"observed-data--5a3bc38a-76b8-4392-825d-48d0950d210f",
"network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f",
"ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f",
"indicator--5a3bc38b-58c8-4bfd-a772-409f950d210f",
"indicator--5a3bc38d-aed8-4dda-b3bf-4cc3950d210f",
"observed-data--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"indicator--5a3bc390-aa34-4c5f-bc2b-4c76950d210f",
"indicator--5a3bc391-d2f8-4838-a1c0-4443950d210f",
"observed-data--5a3bc393-e048-4eca-adfe-4674950d210f",
"network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f",
"ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f",
"indicator--5e0141dd-e62d-46be-8334-e694d79e1948",
"x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880",
"indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c",
"x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f",
"relationship--dea722aa-594b-4cda-a337-21f9fd0cddd7",
"relationship--d1d5e463-1aa5-4bbf-9552-1a1cf364168f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc375-de0c-47ae-af32-45c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T14:21:41.000Z",
"modified": "2017-12-21T14:21:41.000Z",
"pattern": "[file:hashes.MD5 = '413a1ee232d056934a5b6fe29d689bed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T14:21:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc376-5f9c-4992-a153-4c05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T14:21:42.000Z",
"modified": "2017-12-21T14:21:42.000Z",
"pattern": "[file:hashes.MD5 = '40b0769ba2e5d575cdd325b81ffd8792']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T14:21:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc378-8954-4209-bea4-4011950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.g-v-s.ru/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc379-ac38-4cbf-9304-45d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.g-v-s.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"dst_ref": "ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"value": "31.31.196.244"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc37b-c260-420e-9178-4b9b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.homody.com/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc37c-9f38-46de-a8de-4713950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.homody.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"dst_ref": "ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"value": "184.154.46.39"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc37e-54c0-4d7d-a89f-4089950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.mcwhorterdesign.com/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc37f-ea88-4ab1-8811-4af1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.mcwhorterdesign.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"dst_ref": "ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"value": "184.168.38.1"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc381-5220-4b01-b9b9-4043950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.seffafkartvizitim.com/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc382-2fd4-4d3e-a16c-4061950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.seffafkartvizitim.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc384-4eb4-46f4-97df-4023950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f",
"ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f",
"dst_ref": "ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f",
"value": "185.111.232.52"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc385-6590-4606-9803-4a12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.topanswertips.info/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc386-7418-4367-b4ff-455d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.topanswertips.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"dst_ref": "ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"value": "50.62.25.129"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc388-c17c-4ba3-a574-4365950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.tuminsaat.com/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc389-80a8-4af8-9ed5-4efd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.tuminsaat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc38a-76b8-4392-825d-48d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f",
"ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f",
"dst_ref": "ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f",
"value": "50.62.232.1"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc38b-58c8-4bfd-a772-409f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc38d-aed8-4dda-b3bf-4cc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"dst_ref": "ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"value": "103.198.0.2"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc390-aa34-4c5f-bc2b-4c76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc391-d2f8-4838-a1c0-4443950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'psoeiras.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc393-e048-4eca-adfe-4674950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f",
"ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f",
"dst_ref": "ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f",
"value": "74.220.219.67"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e0141dd-e62d-46be-8334-e694d79e1948",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:48.000Z",
"modified": "2017-12-22T08:59:48.000Z",
"pattern": "[file:hashes.MD5 = '40b0769ba2e5d575cdd325b81ffd8792' AND file:hashes.SHA1 = '88793e0e6329cbfa02a7f6ad2f80a4d6fa01ff0f' AND file:hashes.SHA256 = '410efb1938ab06cf29acbcd24a3eca81c5d6d0c84778997adad1b5f0ecfb455c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:47.000Z",
"modified": "2017-12-22T08:59:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/410efb1938ab06cf29acbcd24a3eca81c5d6d0c84778997adad1b5f0ecfb455c/analysis/1513929885/",
"category": "External analysis",
"uuid": "5a3cc983-2004-4ca7-a44a-c5ba02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/66",
"category": "Other",
"uuid": "5a3cc983-8b20-4d33-bd68-c5ba02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-22 08:04:45",
"category": "Other",
"uuid": "5a3cc983-7470-40db-98a9-c5ba02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:50.000Z",
"modified": "2017-12-22T08:59:50.000Z",
"pattern": "[file:hashes.MD5 = '413a1ee232d056934a5b6fe29d689bed' AND file:hashes.SHA1 = 'f25c81b44fc15a67240430503753a913c27125dc' AND file:hashes.SHA256 = '66f13fb763cb982fc7fa685f84020ab95a5b1fe64d981ccda827749928704599']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:47.000Z",
"modified": "2017-12-22T08:59:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/66f13fb763cb982fc7fa685f84020ab95a5b1fe64d981ccda827749928704599/analysis/1513900202/",
"category": "External analysis",
"uuid": "5a3cc983-79a0-4e1a-870b-c5ba02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/67",
"category": "Other",
"uuid": "5a3cc983-7aa4-45e4-a33c-c5ba02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21 23:50:02",
"category": "Other",
"uuid": "5a3cc983-5240-46b9-b7cb-c5ba02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dea722aa-594b-4cda-a337-21f9fd0cddd7",
"created": "2017-12-22T08:59:47.000Z",
"modified": "2017-12-22T08:59:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5e0141dd-e62d-46be-8334-e694d79e1948",
"target_ref": "x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d1d5e463-1aa5-4bbf-9552-1a1cf364168f",
"created": "2017-12-22T08:59:48.000Z",
"modified": "2017-12-22T08:59:48.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c",
"target_ref": "x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
} |