{
|
|
"type": "bundle",
|
|
"id": "bundle--54457026-e5e0-4a8f-ac1a-4d16950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T20:03:38.000Z",
|
|
"modified": "2017-06-22T20:03:38.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--54457026-e5e0-4a8f-ac1a-4d16950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T20:03:38.000Z",
|
|
"modified": "2017-06-22T20:03:38.000Z",
|
|
"name": "OSINT OrcaRAT - A whale of a tale blog post by PWC",
|
|
"published": "2017-06-22T20:05:00Z",
|
|
"object_refs": [
|
|
"observed-data--54457034-49a0-4551-a843-4008950d210b",
|
|
"url--54457034-49a0-4551-a843-4008950d210b",
|
|
"x-misp-attribute--54457045-c7b0-4f1c-9e2b-452f950d210b",
|
|
"indicator--54457081-4818-4781-84cb-4c18950d210b",
|
|
"indicator--5445709c-dd08-43bd-a744-4b5f950d210b",
|
|
"indicator--544570b6-9ddc-4da5-a225-46d3950d210b",
|
|
"indicator--5445713d-3000-4778-a6cd-46a9950d210b",
|
|
"indicator--5445715c-aa6c-4866-8d2d-42b3950d210b",
|
|
"indicator--544571bd-ddf8-43d5-ad91-43b2950d210b",
|
|
"indicator--544571bd-6674-40fd-89be-4e36950d210b",
|
|
"indicator--544571bd-b084-42fe-beec-49c3950d210b",
|
|
"indicator--544571d2-001c-4ef7-99d1-4428950d210b",
|
|
"indicator--544571d2-85e0-4a2d-998d-40a2950d210b",
|
|
"indicator--544571d2-d738-4630-97f9-4350950d210b",
|
|
"indicator--54457222-4358-410a-82b6-423a950d210b",
|
|
"indicator--54457222-368c-4447-85c1-4638950d210b",
|
|
"indicator--54457222-109c-4d07-8dbf-43ab950d210b",
|
|
"indicator--54457222-4304-41ea-8631-4f49950d210b",
|
|
"indicator--54457222-9eec-42d7-ab96-4820950d210b",
|
|
"indicator--54457222-f494-45bc-bbb1-418a950d210b",
|
|
"indicator--54457222-f3e4-47c4-8ada-465a950d210b",
|
|
"indicator--54457222-a150-4b53-b102-444f950d210b",
|
|
"indicator--54457222-caa8-4b9a-b47b-45e9950d210b",
|
|
"indicator--54457222-d874-40cd-97fe-49f2950d210b",
|
|
"indicator--54457223-5dac-4932-bf86-41a6950d210b",
|
|
"indicator--54457223-cd9c-4608-b10d-4b31950d210b",
|
|
"indicator--54457223-c97c-4d74-99fd-4db3950d210b",
|
|
"indicator--54457223-5a78-43d7-8e7e-485a950d210b",
|
|
"indicator--54457223-2830-415b-9e98-448c950d210b",
|
|
"indicator--54457223-34cc-430a-b203-47fb950d210b",
|
|
"indicator--54457223-c4f4-4a0a-81b6-458f950d210b",
|
|
"indicator--54457223-dfa0-44a3-b23c-4863950d210b",
|
|
"indicator--54457223-f520-4232-aba1-45b0950d210b",
|
|
"indicator--54457223-d3a4-4f8d-96a4-46be950d210b",
|
|
"indicator--54457252-f938-48a4-9aa0-f66a950d210b",
|
|
"indicator--54457252-2f3c-43d2-89a1-f66a950d210b",
|
|
"indicator--54457264-dd58-4abb-acb9-a73a950d210b",
|
|
"indicator--544572c6-cd80-4e92-89d0-4c2e950d210b",
|
|
"indicator--544572f3-5a80-484f-b5fc-4c87950d210b",
|
|
"indicator--544572f3-7db4-4ae9-915c-46a4950d210b",
|
|
"indicator--544572f3-f428-474f-af78-44db950d210b",
|
|
"indicator--544572f3-1888-46fc-96e9-4f39950d210b",
|
|
"indicator--544572f3-d92c-4af2-baec-428e950d210b",
|
|
"indicator--544572f3-fb54-4aea-bcfe-4a64950d210b",
|
|
"indicator--544572f3-63ac-48fd-847f-457a950d210b",
|
|
"indicator--544572f3-6bac-4d22-8ee3-4836950d210b",
|
|
"indicator--544572f3-62ac-4652-b326-49c3950d210b",
|
|
"indicator--544572f3-6dbc-4b2e-8fd3-46df950d210b",
|
|
"indicator--544572f3-12d0-44df-a9e1-40a6950d210b",
|
|
"indicator--544572f3-29f8-4ac4-bb4a-4783950d210b",
|
|
"indicator--544572f3-d3bc-455f-89a9-4175950d210b",
|
|
"indicator--544572f4-2408-44fc-ba44-4113950d210b",
|
|
"indicator--544572f4-3620-4130-a024-4866950d210b",
|
|
"indicator--544572f4-3d24-430e-93c2-40e5950d210b",
|
|
"indicator--544572f4-bf74-471f-b601-4ac3950d210b",
|
|
"indicator--544572f4-c208-476a-873f-4ed4950d210b",
|
|
"indicator--544572f4-8bac-42f9-b548-4938950d210b",
|
|
"indicator--544572f4-5008-426f-ad38-46fa950d210b",
|
|
"indicator--544572f4-67b4-41e4-ac83-4394950d210b",
|
|
"indicator--544572f4-b4e0-4bda-b288-4964950d210b",
|
|
"indicator--544572f4-29d4-4487-8112-457c950d210b",
|
|
"indicator--544572f4-a414-4cd2-8a6d-4cd6950d210b",
|
|
"indicator--544572f4-7294-4882-837f-465a950d210b",
|
|
"indicator--544572f4-ba78-4c0e-a020-4414950d210b",
|
|
"indicator--544572f4-dbc8-43e0-962d-4801950d210b",
|
|
"indicator--544572f4-55e4-4978-beba-4c49950d210b",
|
|
"indicator--544572f4-6604-4447-8e47-42c1950d210b",
|
|
"indicator--544572f4-61b4-452c-a919-4695950d210b",
|
|
"indicator--544572f4-2438-4c28-bc46-4c33950d210b",
|
|
"indicator--544572f5-61f0-45d3-abc7-4cb0950d210b",
|
|
"indicator--544572f5-3cb4-4d2c-a2f3-4b06950d210b",
|
|
"indicator--544572f5-6f00-4297-8041-44a0950d210b",
|
|
"indicator--544572f5-5518-4fbc-a18e-4251950d210b",
|
|
"indicator--544572f5-cfdc-46b4-918b-4840950d210b",
|
|
"indicator--544572f5-66e4-4a36-977b-4b93950d210b",
|
|
"indicator--544572f5-d6ac-4f6c-84e7-4f59950d210b",
|
|
"indicator--544572f5-9318-4879-a1e4-4c6c950d210b",
|
|
"indicator--544572f5-83f0-4e5b-b87b-4994950d210b",
|
|
"indicator--544572f5-e060-482a-be8c-494b950d210b",
|
|
"indicator--544572f5-177c-4f67-b639-4ff0950d210b",
|
|
"indicator--544572f5-f8b0-4e0e-9c8c-46d1950d210b",
|
|
"indicator--544572f5-32b8-4c66-bd77-479d950d210b",
|
|
"indicator--544572f5-3190-4833-9db7-475d950d210b",
|
|
"indicator--544572f5-eb9c-494c-b6f0-4851950d210b",
|
|
"indicator--544572f5-25ec-43bf-b38a-4244950d210b",
|
|
"indicator--544572f5-5ecc-41f8-a26c-4d85950d210b",
|
|
"indicator--544572f6-7934-4e8a-a25f-486a950d210b",
|
|
"indicator--544572f6-7220-49d9-bb6b-4a68950d210b",
|
|
"indicator--544572f6-e064-4cbd-9c7d-4af3950d210b",
|
|
"indicator--544572f6-66c0-445b-8e01-408f950d210b",
|
|
"indicator--544572f6-4478-4f91-bd33-40f8950d210b",
|
|
"indicator--56c628a8-aac0-408c-ace6-599f950d210f",
|
|
"indicator--56c628ab-2130-4341-8299-59a1950d210f",
|
|
"indicator--56c628ad-2afc-44bb-9b4b-599e950d210f",
|
|
"indicator--56c628b0-aad0-4a2a-aa61-599d950d210f",
|
|
"indicator--56c628aa-83a8-455c-a1f5-c652950d210f",
|
|
"indicator--56c628ac-54f4-4694-8fe4-c654950d210f",
|
|
"indicator--56c628ae-af54-4c18-9835-4ca3950d210f",
|
|
"indicator--56c628b1-89a0-4a04-98e7-599f950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--54457034-49a0-4551-a843-4008950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:27:32.000Z",
|
|
"modified": "2014-10-20T20:27:32.000Z",
|
|
"first_observed": "2014-10-20T20:27:32Z",
|
|
"last_observed": "2014-10-20T20:27:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--54457034-49a0-4551-a843-4008950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--54457034-49a0-4551-a843-4008950d210b",
|
|
"value": "http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.html"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--54457045-c7b0-4f1c-9e2b-452f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:27:49.000Z",
|
|
"modified": "2014-10-20T20:27:49.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Data encoded by David Andr\u00e9"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457081-4818-4781-84cb-4c18950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T20:03:38.000Z",
|
|
"modified": "2017-06-22T20:03:38.000Z",
|
|
"pattern": "[rule OrcaRAT\r\n {\r\n meta: \r\n author = \"PwC Cyber Threat Operations :: @tlansec\"\r\n distribution = \"TLP WHITE\"\r\n sha1 = \"253a704acd7952677c70e0c2d787791b8359efe2c92a5e77acea028393a85613\"\r\n strings:\r\n\r\n $MZ=\"MZ\"\r\n\r\n $apptype1=\"application/x-ms-application\"\r\n\r\n $apptype2=\"application/x-ms-xbap\"\r\n\r\n $apptype3=\"application/vnd.ms-xpsdocument\"\r\n\r\n $apptype4=\"application/xaml+xml\"\r\n\r\n $apptype5=\"application/x-shockwave-flash\"\r\n\r\n $apptype6=\"image/pjpeg\"\r\n\r\n $err1=\"Set return time error = %d!\"\r\n\r\n $err2=\"Set return time success!\"\r\n\r\n $err3=\"Quit success!\"\r\n\r\n \r\n\r\ncondition:\r\n\r\n $MZ at 0 and filesize < 500KB and (all of ($apptype*) and 1 of ($err*))\r\n }]",
|
|
"pattern_type": "yara",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-22T20:03:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5445709c-dd08-43bd-a744-4b5f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:29:16.000Z",
|
|
"modified": "2014-10-20T20:29:16.000Z",
|
|
"description": "snort",
|
|
"pattern": "[alert tcp any any -> any any (msg:\"::[PwC CTD]:: - OrcaRAT implant check-in\"; flow:established,from_client; urilen: 67<>170; content:\"User-Agent: Mozilla/4.0 (compatible\\; MSIE 8.0\\; Windows NT 5.1\\; Trident/4.0\\; .NET CLR 2.0.50727\\; .NET CLR 3.0.04506.30\\; .NET4.0C\\; .NET4.0E)\"; http_header; content:\"GET\"; http_method; pcre:\"/^\\/[A-Za-z0-9+~=]{14,18}\\/[A-Za-z0-9+~=]{33,38}\\/[A-Za-z0-9+~=]{6,9}\\/[A-Za-z0-9+~=]{5,50}\\/[A-Za-z0-9+~=]{5,50}$/U\"; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:29:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544570b6-9ddc-4da5-a225-46d3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:29:42.000Z",
|
|
"modified": "2014-10-20T20:29:42.000Z",
|
|
"description": "snort",
|
|
"pattern": "[alert tcp any any -> any any (msg:\"::[PwC CTD]:: - OrcaRAT implant C2 confirmation response\"; flow:established,from_client; urilen: 67<>170; content:\"User-Agent: Mozilla/4.0 (compatible\\; MSIE 8.0\\; Windows NT 5.1\\; Trident/4.0\\; .NET CLR 2.0.50727\\; .NET CLR 3.0.04506.30\\; .NET4.0C\\; .NET4.0E)\"; http_header; content:\"POST\"; http_method; pcre:\"/^\\/[A-Za-z0-9+~=]{14,18}\\/[A-Za-z0-9+~=]{33,38}\\/[A-Za-z0-9+~=]{6,9}\\/[A-Za-z0-9+~=]{5,50}\\/[A-Za-z0-9+~=]{5,50}$/U\"; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:29:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5445713d-3000-4778-a6cd-46a9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:31:57.000Z",
|
|
"modified": "2014-10-20T20:31:57.000Z",
|
|
"description": "suricata",
|
|
"pattern": "[alert http any any -> any any (msg:\"::[PwC CTD]:: - OrcaRAT implant check-in\"; flow:established,from_client; urilen: 67<>170; content:\" Mozilla/4.0 (compatible\\; MSIE 8.0\\; Windows NT 5.1\\; Trident/4.0\\; .NET CLR 2.0.50727\\; .NET CLR 3.0.04506.30\\; .NET4.0C\\; .NET4.0E)\"; http_user_agent; content:\"GET\"; http_method; pcre:\"/^\\/[A-Za-z0-9+~=]{14,18}\\/[A-Za-z0-9+~=]{33,38}\\/[A-Za-z0-9+~=]{6,9}\\/[A-Za-z0-9+~=]{5,50}\\/[A-Za-z0-9+~=]{5,50}$/U\"; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:31:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5445715c-aa6c-4866-8d2d-42b3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:32:28.000Z",
|
|
"modified": "2014-10-20T20:32:28.000Z",
|
|
"description": "suricata",
|
|
"pattern": "[alert http any any -> any any (msg:\"::[PwC CTD]:: - OrcaRAT implant C2 confirmation response\"; flow:established,from_client; urilen: 67<>170; content:\" Mozilla/4.0 (compatible\\; MSIE 8.0\\; Windows NT 5.1\\; Trident/4.0\\; .NET CLR 2.0.50727\\; .NET CLR 3.0.04506.30\\; .NET4.0C\\; .NET4.0E)\"; http_user_agent; content:\"POST\"; http_method; pcre:\"/^\\/[A-Za-z0-9+~=]{14,18}\\/[A-Za-z0-9+~=]{33,38}\\/[A-Za-z0-9+~=]{6,9}\\/[A-Za-z0-9+~=]{5,50}\\/[A-Za-z0-9+~=]{5,50}$/U\"; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:32:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544571bd-ddf8-43d5-ad91-43b2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:34:05.000Z",
|
|
"modified": "2014-10-20T20:34:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07b40312047f204a2c1fbd94fba6f53b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:34:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544571bd-6674-40fd-89be-4e36950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:34:05.000Z",
|
|
"modified": "2014-10-20T20:34:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f6456b115e325b612e0d144c8090720f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:34:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544571bd-b084-42fe-beec-49c3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:34:05.000Z",
|
|
"modified": "2014-10-20T20:34:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = '139b8e1b665bb9237ec51ec4bef22f58']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:34:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544571d2-001c-4ef7-99d1-4428950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:34:26.000Z",
|
|
"modified": "2014-10-20T20:34:26.000Z",
|
|
"pattern": "[domain-name:value = 'adda.lengendport.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:34:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544571d2-85e0-4a2d-998d-40a2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:34:26.000Z",
|
|
"modified": "2014-10-20T20:34:26.000Z",
|
|
"pattern": "[domain-name:value = 'tsl.gettrials.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:34:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544571d2-d738-4630-97f9-4350950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:34:26.000Z",
|
|
"modified": "2014-10-20T20:34:26.000Z",
|
|
"pattern": "[domain-name:value = 'auty.organiccrap.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:34:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-4358-410a-82b6-423a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '11.38.64.251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-368c-4447-85c1-4638950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.120.115.77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-109c-4d07-8dbf-43ab950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.120.99.228']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-4304-41ea-8631-4f49950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.134.20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-9eec-42d7-ab96-4820950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '147.96.68.184']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-f494-45bc-bbb1-418a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.31.24.182']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-f3e4-47c4-8ada-465a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.31.24.184']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-a150-4b53-b102-444f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.114.241.170']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-caa8-4b9a-b47b-45e9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.78.201.24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457222-d874-40cd-97fe-49f2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:46.000Z",
|
|
"modified": "2014-10-20T20:35:46.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.124.151.94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-5dac-4932-bf86-41a6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.2.108.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-cd9c-4608-b10d-4b31950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.146.251.11']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-c97c-4d74-99fd-4db3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.152.209.74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-5a78-43d7-8e7e-485a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.147.54.170']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-2830-415b-9e98-448c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.19.39.19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-34cc-430a-b203-47fb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.71.158.21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-c4f4-4a0a-81b6-458f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.73.174.134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-dfa0-44a3-b23c-4863950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.183.67.163']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-f520-4232-aba1-45b0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.116.128.15']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457223-d3a4-4f8d-96a4-46be950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:35:47.000Z",
|
|
"modified": "2014-10-20T20:35:47.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.218.149.207']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457252-f938-48a4-9aa0-f66a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:36:33.000Z",
|
|
"modified": "2014-10-20T20:36:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = '84c68f2d2dd569c4620dabcecd477e69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:36:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457252-2f3c-43d2-89a1-f66a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:36:34.000Z",
|
|
"modified": "2014-10-20T20:36:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8fbc8c7d62a41b6513603c4051a3ee7b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:36:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54457264-dd58-4abb-acb9-a73a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:36:52.000Z",
|
|
"modified": "2014-10-20T20:36:52.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.198.50.31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:36:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572c6-cd80-4e92-89d0-4c2e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:38:30.000Z",
|
|
"modified": "2014-10-20T20:38:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fee0e6b8157099ad09380a94b7cbbea4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:38:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-5a80-484f-b5fc-4c87950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'affisensors.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-7db4-4ae9-915c-46a4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'analysis.ittecbbs.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-f428-474f-af78-44db950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'at.acmetoy.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-1888-46fc-96e9-4f39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'aucy.affisensors.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-d92c-4af2-baec-428e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'bbs.dynssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-fb54-4aea-bcfe-4a64950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'bbs.serveuser.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-63ac-48fd-847f-457a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'bbslab.acmetoy.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-6bac-4d22-8ee3-4836950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'bbslab.lflink.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-62ac-4652-b326-49c3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'cdna.acmetoy.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-6dbc-4b2e-8fd3-46df950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'cune.lengendport.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-12d0-44df-a9e1-40a6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'cure.yourtrap.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-29f8-4ac4-bb4a-4783950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'dasheng.lonidc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f3-d3bc-455f-89a9-4175950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:15.000Z",
|
|
"modified": "2014-10-20T20:39:15.000Z",
|
|
"pattern": "[domain-name:value = 'dns.affisensors.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-2408-44fc-ba44-4113950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'edu.authorizeddns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-3620-4130-a024-4866950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'edu.onmypc.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-3d24-430e-93c2-40e5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.bbs.dynssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-bf74-471f-b601-4ac3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.bbs.serveuser.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-c208-476a-873f-4ed4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.bbslab.acmetoy.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-8bac-42f9-b548-4938950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.edu.authorizeddns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-5008-426f-ad38-46fa950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.edu.onmypc.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-67b4-41e4-ac83-4394950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.lucy.justdied.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-b4e0-4bda-b288-4964950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.nuac.jkub.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-29d4-4487-8112-457c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.osk.lflink.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-a414-4cd2-8a6d-4cd6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.reg.dsmtp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-7294-4882-837f-465a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.tt0320.portrelay.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-ba78-4c0e-a020-4414950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'home.affisensors.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-dbc8-43e0-962d-4801950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'hot.mrface.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-55e4-4978-beba-4c49950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'info.affisensors.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-6604-4447-8e47-42c1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'jucy.wikaba.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-61b4-452c-a919-4695950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'jutty.organiccrap.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f4-2438-4c28-bc46-4c33950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:16.000Z",
|
|
"modified": "2014-10-20T20:39:16.000Z",
|
|
"pattern": "[domain-name:value = 'lengendport.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-61f0-45d3-abc7-4cb0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'lucy.justdied.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-3cb4-4d2c-a2f3-4b06950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'newtect.ddns.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-6f00-4297-8041-44a0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'nuac.jkub.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-5518-4fbc-a18e-4251950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'nunok.ninth.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-cfdc-46b4-918b-4840950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'osk.lflink.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-66e4-4a36-977b-4b93950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'philipine.gnway.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-d6ac-4f6c-84e7-4f59950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'pure.mypop3.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-9318-4879-a1e4-4c6c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'reg.dsmtp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-83f0-4e5b-b87b-4994950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'tt0320.portrelay.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-e060-482a-be8c-494b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'venus.gr8domain.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-177c-4f67-b639-4ff0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'www.bbs.dynssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-f8b0-4e0e-9c8c-46d1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'www.bbs.serveuser.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-32b8-4c66-bd77-479d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'www.bbslab.acmetoy.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-3190-4833-9db7-475d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'www.edu.authorizeddns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-eb9c-494c-b6f0-4851950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'www.edu.onmypc.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-25ec-43bf-b38a-4244950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'www.fgtr.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f5-5ecc-41f8-a26c-4d85950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:17.000Z",
|
|
"modified": "2014-10-20T20:39:17.000Z",
|
|
"pattern": "[domain-name:value = 'www.hot.mrface.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f6-7934-4e8a-a25f-486a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:18.000Z",
|
|
"modified": "2014-10-20T20:39:18.000Z",
|
|
"pattern": "[domain-name:value = 'www.ktry.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f6-7220-49d9-bb6b-4a68950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:18.000Z",
|
|
"modified": "2014-10-20T20:39:18.000Z",
|
|
"pattern": "[domain-name:value = 'www.lucy.justdied.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f6-e064-4cbd-9c7d-4af3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:18.000Z",
|
|
"modified": "2014-10-20T20:39:18.000Z",
|
|
"pattern": "[domain-name:value = 'www.osk.lflink.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f6-66c0-445b-8e01-408f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:18.000Z",
|
|
"modified": "2014-10-20T20:39:18.000Z",
|
|
"pattern": "[domain-name:value = 'www.reg.dsmtp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--544572f6-4478-4f91-bd33-40f8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-10-20T20:39:18.000Z",
|
|
"modified": "2014-10-20T20:39:18.000Z",
|
|
"pattern": "[domain-name:value = 'www.tt0320.portrelay.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-10-20T20:39:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c628a8-aac0-408c-ace6-599f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T20:25:12.000Z",
|
|
"modified": "2016-02-18T20:25:12.000Z",
|
|
"description": "Automatically added (via 07b40312047f204a2c1fbd94fba6f53b)",
|
|
"pattern": "[file:hashes.SHA1 = '59d7aaff5e8cba285ba18c67473cb578c64c3c7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T20:25:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c628ab-2130-4341-8299-59a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T20:25:15.000Z",
|
|
"modified": "2016-02-18T20:25:15.000Z",
|
|
"description": "Automatically added (via 84c68f2d2dd569c4620dabcecd477e69)",
|
|
"pattern": "[file:hashes.SHA1 = 'e92e972234e6ffce074349ca6c7565c594a288eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T20:25:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c628ad-2afc-44bb-9b4b-599e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T20:25:17.000Z",
|
|
"modified": "2016-02-18T20:25:17.000Z",
|
|
"description": "Automatically added (via 8fbc8c7d62a41b6513603c4051a3ee7b)",
|
|
"pattern": "[file:hashes.SHA1 = 'e51303178e784497cd08564284f886b4dc5204ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T20:25:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c628b0-aad0-4a2a-aa61-599d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T20:25:20.000Z",
|
|
"modified": "2016-02-18T20:25:20.000Z",
|
|
"description": "Automatically added (via fee0e6b8157099ad09380a94b7cbbea4)",
|
|
"pattern": "[file:hashes.SHA1 = '46fcb0c6347f26937d239a7937e0326dda701386']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T20:25:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c628aa-83a8-455c-a1f5-c652950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T20:25:14.000Z",
|
|
"modified": "2016-02-18T20:25:14.000Z",
|
|
"description": "Automatically added (via 07b40312047f204a2c1fbd94fba6f53b)",
|
|
"pattern": "[file:hashes.SHA256 = '253a704acd7952677c70e0c2d787791b8359efe2c92a5e77acea028393a85613']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T20:25:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c628ac-54f4-4694-8fe4-c654950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T20:25:16.000Z",
|
|
"modified": "2016-02-18T20:25:16.000Z",
|
|
"description": "Automatically added (via 84c68f2d2dd569c4620dabcecd477e69)",
|
|
"pattern": "[file:hashes.SHA256 = 'f08aef949ddc309569fa9eb25d57587d4d9567667bbf729c08e0e204302c42ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T20:25:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c628ae-af54-4c18-9835-4ca3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T20:25:18.000Z",
|
|
"modified": "2016-02-18T20:25:18.000Z",
|
|
"description": "Automatically added (via 8fbc8c7d62a41b6513603c4051a3ee7b)",
|
|
"pattern": "[file:hashes.SHA256 = 'cb4f94bac15b558bc82d49c9227bdad3c5b84014f2f6ada012b047883e1766b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T20:25:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c628b1-89a0-4a04-98e7-599f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T20:25:21.000Z",
|
|
"modified": "2016-02-18T20:25:21.000Z",
|
|
"description": "Automatically added (via fee0e6b8157099ad09380a94b7cbbea4)",
|
|
"pattern": "[file:hashes.SHA256 = '940117d3e4ca1760b172c3488468e50932a5c4e72dc77af06b0238ee1d21fb39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T20:25:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:GREEN",
|
|
"definition": {
|
|
"tlp": "green"
|
|
}
|
|
}
|
|
]
|
|
} |