adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/556d5db3-e464-477f-96de-adf2950d210b.json

2084 lines
No EOL
86 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--556d5db3-e464-477f-96de-adf2950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:57:02.000Z",
"modified": "2015-06-02T07:57:02.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--556d5db3-e464-477f-96de-adf2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:57:02.000Z",
"modified": "2015-06-02T07:57:02.000Z",
"name": "OSINT 'Paying-Days' CryptoWall 3.0 Campaign via Magnitude EK report by malwarefor.me",
"published": "2015-06-02T08:06:09Z",
"object_refs": [
"observed-data--556d5ed7-b2b0-46c5-b31d-a0e9950d210b",
"url--556d5ed7-b2b0-46c5-b31d-a0e9950d210b",
"indicator--556d5fab-035c-4891-906c-a71c950d210b",
"indicator--556d5fab-8e6c-4682-95d2-a71c950d210b",
"indicator--556d5fab-be34-46a5-9e39-a71c950d210b",
"indicator--556d5fab-15a8-421d-bec7-a71c950d210b",
"indicator--556d6002-7230-4a3f-b79d-ae06950d210b",
"indicator--556d6002-3608-4524-b910-ae06950d210b",
"indicator--556d6003-c79c-40a9-b4f8-ae06950d210b",
"indicator--556d6003-8f2c-4890-b60c-ae06950d210b",
"indicator--556d6003-2fc8-4b97-b2e9-ae06950d210b",
"indicator--556d6003-60f0-4df4-97a0-ae06950d210b",
"indicator--556d6003-3600-4228-801c-ae06950d210b",
"indicator--556d6003-f2fc-4c04-a5ba-ae06950d210b",
"indicator--556d6003-2058-4f8c-a896-ae06950d210b",
"indicator--556d6004-c314-4ddd-afac-ae06950d210b",
"indicator--556d6004-85f8-4e74-8a1b-ae06950d210b",
"observed-data--556d6034-d3f8-432f-b5c7-c95d950d210b",
"url--556d6034-d3f8-432f-b5c7-c95d950d210b",
"observed-data--556d6034-fa34-4dfe-914f-c95d950d210b",
"url--556d6034-fa34-4dfe-914f-c95d950d210b",
"observed-data--556d6034-d12c-41fe-878c-c95d950d210b",
"url--556d6034-d12c-41fe-878c-c95d950d210b",
"observed-data--556d6034-ef50-4a3d-901b-c95d950d210b",
"url--556d6034-ef50-4a3d-901b-c95d950d210b",
"indicator--556d605f-4b04-402f-b71b-c95e950d210b",
"observed-data--556d605f-bf7c-4acc-ac62-c95e950d210b",
"domain-name--556d605f-bf7c-4acc-ac62-c95e950d210b",
"indicator--556d605f-ce88-4587-b93d-c95e950d210b",
"indicator--556d605f-ed10-414b-a44a-c95e950d210b",
"indicator--556d605f-65c8-4a7e-9cc8-c95e950d210b",
"indicator--556d605f-71ec-4a18-837c-c95e950d210b",
"indicator--556d6060-0e18-4006-911e-c95e950d210b",
"indicator--556d6060-2178-408b-9126-c95e950d210b",
"indicator--556d6060-aa10-450c-b653-c95e950d210b",
"indicator--556d6060-b980-4809-a056-c95e950d210b",
"indicator--556d6060-3550-42dc-aa8b-c95e950d210b",
"indicator--556d6060-0704-44e1-9514-c95e950d210b",
"indicator--556d6060-e58c-45e8-8c76-c95e950d210b",
"indicator--556d6060-3958-4f92-b967-c95e950d210b",
"observed-data--556d60a1-1f18-4ff4-8575-adf1950d210b",
"url--556d60a1-1f18-4ff4-8575-adf1950d210b",
"observed-data--556d60a1-c66c-474c-a7c5-adf1950d210b",
"url--556d60a1-c66c-474c-a7c5-adf1950d210b",
"observed-data--556d60a2-1944-4137-93d3-adf1950d210b",
"url--556d60a2-1944-4137-93d3-adf1950d210b",
"observed-data--556d60a2-8c34-4245-a0b0-adf1950d210b",
"url--556d60a2-8c34-4245-a0b0-adf1950d210b",
"observed-data--556d60dc-e568-401e-91ce-ae06950d210b",
"url--556d60dc-e568-401e-91ce-ae06950d210b",
"observed-data--556d60dc-3724-4f74-88c7-ae06950d210b",
"url--556d60dc-3724-4f74-88c7-ae06950d210b",
"observed-data--556d60dc-ef1c-4c28-a40c-ae06950d210b",
"url--556d60dc-ef1c-4c28-a40c-ae06950d210b",
"observed-data--556d60dc-f07c-4baf-8458-ae06950d210b",
"url--556d60dc-f07c-4baf-8458-ae06950d210b",
"observed-data--556d613c-5fdc-4ece-9e13-ae06950d210b",
"url--556d613c-5fdc-4ece-9e13-ae06950d210b",
"observed-data--556d613d-455c-4da7-9a85-ae06950d210b",
"url--556d613d-455c-4da7-9a85-ae06950d210b",
"observed-data--556d613d-2c98-4193-bc25-ae06950d210b",
"url--556d613d-2c98-4193-bc25-ae06950d210b",
"observed-data--556d613d-875c-4bf7-a19f-ae06950d210b",
"url--556d613d-875c-4bf7-a19f-ae06950d210b",
"observed-data--556d613d-c820-45fb-a6b7-ae06950d210b",
"url--556d613d-c820-45fb-a6b7-ae06950d210b",
"observed-data--556d613d-658c-446f-a083-ae06950d210b",
"url--556d613d-658c-446f-a083-ae06950d210b",
"observed-data--556d613d-5854-4782-82c7-ae06950d210b",
"url--556d613d-5854-4782-82c7-ae06950d210b",
"observed-data--556d613d-6aa4-4d5b-8be4-ae06950d210b",
"url--556d613d-6aa4-4d5b-8be4-ae06950d210b",
"observed-data--556d613d-f170-43e7-9080-ae06950d210b",
"url--556d613d-f170-43e7-9080-ae06950d210b",
"observed-data--556d613e-b63c-4623-86d3-ae06950d210b",
"url--556d613e-b63c-4623-86d3-ae06950d210b",
"observed-data--556d613e-7534-401b-b2da-ae06950d210b",
"url--556d613e-7534-401b-b2da-ae06950d210b",
"observed-data--556d613e-56b8-4056-8569-ae06950d210b",
"url--556d613e-56b8-4056-8569-ae06950d210b",
"observed-data--556d613e-cc40-4677-bb57-ae06950d210b",
"url--556d613e-cc40-4677-bb57-ae06950d210b",
"indicator--556d61ca-b484-4678-aca0-c95a950d210b",
"observed-data--556d61ca-1da8-4bea-bf45-c95a950d210b",
"domain-name--556d61ca-1da8-4bea-bf45-c95a950d210b",
"indicator--556d61cb-4d2c-42dd-a3a4-c95a950d210b",
"indicator--556d61cb-3374-45a9-89a8-c95a950d210b",
"indicator--556d61cb-ebd4-49f6-8842-c95a950d210b",
"indicator--556d61cb-c86c-43eb-ba76-c95a950d210b",
"indicator--556d61cb-f65c-4b06-989f-c95a950d210b",
"indicator--556d61cb-0180-4492-bfba-c95a950d210b",
"indicator--556d61cc-58d0-4227-8908-c95a950d210b",
"observed-data--556d61cc-6e78-4bcc-ace1-c95a950d210b",
"domain-name--556d61cc-6e78-4bcc-ace1-c95a950d210b",
"indicator--556d61cc-d48c-4365-8bad-c95a950d210b",
"indicator--556d61cc-63e8-4c3e-8458-c95a950d210b",
"indicator--556d61cc-b598-49bb-97d2-c95a950d210b",
"observed-data--556d61cc-92c8-4d53-8241-c95a950d210b",
"domain-name--556d61cc-92c8-4d53-8241-c95a950d210b",
"indicator--556d61cc-b3ac-471a-a920-c95a950d210b",
"indicator--556d61cc-f698-4e88-9566-c95a950d210b",
"indicator--556d61cd-d3ec-4636-8d5c-c95a950d210b",
"indicator--556d61cd-de60-48cf-85c1-c95a950d210b",
"indicator--556d61cd-26a8-4cb3-a5ba-c95a950d210b",
"indicator--556d61cd-b0b0-4952-a0c2-c95a950d210b",
"observed-data--556d61cd-3ebc-455e-a535-c95a950d210b",
"domain-name--556d61cd-3ebc-455e-a535-c95a950d210b",
"indicator--556d61cd-11a0-4b3b-8706-c95a950d210b",
"indicator--556d61cd-b01c-449c-ba7b-c95a950d210b",
"indicator--556d61ce-6a4c-4aef-9e4d-c95a950d210b",
"observed-data--556d61ce-5d28-4d1e-b280-c95a950d210b",
"domain-name--556d61ce-5d28-4d1e-b280-c95a950d210b",
"indicator--556d61ce-0130-4c17-ae26-c95a950d210b",
"indicator--556d61ce-e288-47bf-b413-c95a950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d5ed7-b2b0-46c5-b31d-a0e9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:56.000Z",
"modified": "2015-06-02T07:54:56.000Z",
"first_observed": "2015-06-02T07:54:56Z",
"last_observed": "2015-06-02T07:54:56Z",
"number_observed": 1,
"object_refs": [
"url--556d5ed7-b2b0-46c5-b31d-a0e9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d5ed7-b2b0-46c5-b31d-a0e9950d210b",
"value": "http://malwarefor.me/paying-days-cryptowall-3-0-campaign-via-magnitude-ek/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d5fab-035c-4891-906c-a71c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.0/19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d5fab-8e6c-4682-95d2-a71c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.172.189.0/24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d5fab-be34-46a5-9e39-a71c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.60.0/22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d5fab-15a8-421d-bec7-a71c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.241.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6002-7230-4a3f-b79d-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6002-3608-4524-b910-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'payingdays.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6003-c79c-40a9-b4f8-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6003-8f2c-4890-b60c-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'payingdays.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6003-2fc8-4b97-b2e9-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'payingdays.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6003-60f0-4df4-97a0-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6003-3600-4228-801c-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'payingday.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6003-f2fc-4c04-a5ba-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'payingday.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6003-2058-4f8c-a896-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6004-c314-4ddd-afac-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'paying-days.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6004-85f8-4e74-8a1b-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'paying-days.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d6034-d3f8-432f-b5c7-c95d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:50:12.000Z",
"modified": "2015-06-02T07:50:12.000Z",
"first_observed": "2015-06-02T07:50:12Z",
"last_observed": "2015-06-02T07:50:12Z",
"number_observed": 1,
"object_refs": [
"url--556d6034-d3f8-432f-b5c7-c95d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d6034-d3f8-432f-b5c7-c95d950d210b",
"value": "https://www.dropbox.com/s/27ux5o4wblh896e/2015-04-03-paying-days-net.pcap?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d6034-fa34-4dfe-914f-c95d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:50:12.000Z",
"modified": "2015-06-02T07:50:12.000Z",
"first_observed": "2015-06-02T07:50:12Z",
"last_observed": "2015-06-02T07:50:12Z",
"number_observed": 1,
"object_refs": [
"url--556d6034-fa34-4dfe-914f-c95d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d6034-fa34-4dfe-914f-c95d950d210b",
"value": "https://www.dropbox.com/s/6ydlxsly0v9i0w7/2015-04-03-paying-days-net-malware-exploits.zip?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d6034-d12c-41fe-878c-c95d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:50:12.000Z",
"modified": "2015-06-02T07:50:12.000Z",
"first_observed": "2015-06-02T07:50:12Z",
"last_observed": "2015-06-02T07:50:12Z",
"number_observed": 1,
"object_refs": [
"url--556d6034-d12c-41fe-878c-c95d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d6034-d12c-41fe-878c-c95d950d210b",
"value": "https://www.virustotal.com/en/file/b6d333814ce4792ca01be3be5ef6d83864c584a003da4e1ed14d310f45794e5f/analysis/1433112993/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d6034-ef50-4a3d-901b-c95d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:50:12.000Z",
"modified": "2015-06-02T07:50:12.000Z",
"first_observed": "2015-06-02T07:50:12Z",
"last_observed": "2015-06-02T07:50:12Z",
"number_observed": 1,
"object_refs": [
"url--556d6034-ef50-4a3d-901b-c95d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d6034-ef50-4a3d-901b-c95d950d210b",
"value": "https://www.virustotal.com/en/file/11c64ffa432ae10650f8661bc9a3e0b5e18f93539faa5f24e79fc217f7248d29/analysis/1433113002/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d605f-4b04-402f-b71b-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.172.189.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d605f-bf7c-4acc-ac62-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"first_observed": "2015-06-02T07:59:56Z",
"last_observed": "2015-06-02T07:59:56Z",
"number_observed": 1,
"object_refs": [
"domain-name--556d605f-bf7c-4acc-ac62-c95e950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--556d605f-bf7c-4acc-ac62-c95e950d210b",
"value": "6e552d8.7f2.fe.477fc.58.d6.c8.6e6c.df3.7b.aiqk05syj176.monthsacts.pw"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d605f-ce88-4587-b93d-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.164.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d605f-ed10-414b-a44a-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'ip-addr.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d605f-65c8-4a7e-9cc8-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.92.144.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d605f-71ec-4a18-837c-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'sloeponline.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6060-0e18-4006-911e-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.107.31.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6060-2178-408b-9126-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'chonburipalms.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6060-aa10-450c-b653-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.50.8.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6060-b980-4809-a056-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'hicoop.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6060-3550-42dc-aa8b-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.31.233.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6060-0704-44e1-9514-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'katadata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6060-e58c-45e8-8c76-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.242.145.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d6060-3958-4f92-b967-c95e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'uaru.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d60a1-1f18-4ff4-8575-adf1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:52:01.000Z",
"modified": "2015-06-02T07:52:01.000Z",
"first_observed": "2015-06-02T07:52:01Z",
"last_observed": "2015-06-02T07:52:01Z",
"number_observed": 1,
"object_refs": [
"url--556d60a1-1f18-4ff4-8575-adf1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d60a1-1f18-4ff4-8575-adf1950d210b",
"value": "https://www.dropbox.com/s/lah20ol4wtf1i4s/2015-04-02-paying-days-com.pcap?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d60a1-c66c-474c-a7c5-adf1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:52:01.000Z",
"modified": "2015-06-02T07:52:01.000Z",
"first_observed": "2015-06-02T07:52:01Z",
"last_observed": "2015-06-02T07:52:01Z",
"number_observed": 1,
"object_refs": [
"url--556d60a1-c66c-474c-a7c5-adf1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d60a1-c66c-474c-a7c5-adf1950d210b",
"value": "https://www.dropbox.com/s/e4wirq0yxrztd46/2015-04-02-paying-days-com-malware-exploits.zip?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d60a2-1944-4137-93d3-adf1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:52:02.000Z",
"modified": "2015-06-02T07:52:02.000Z",
"first_observed": "2015-06-02T07:52:02Z",
"last_observed": "2015-06-02T07:52:02Z",
"number_observed": 1,
"object_refs": [
"url--556d60a2-1944-4137-93d3-adf1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d60a2-1944-4137-93d3-adf1950d210b",
"value": "https://www.virustotal.com/en/file/9467156ef5d22e2620e0d643f36213e1d5e53d77e5c23cb8287a77617e5118d7/analysis/1433112868/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d60a2-8c34-4245-a0b0-adf1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:52:02.000Z",
"modified": "2015-06-02T07:52:02.000Z",
"first_observed": "2015-06-02T07:52:02Z",
"last_observed": "2015-06-02T07:52:02Z",
"number_observed": 1,
"object_refs": [
"url--556d60a2-8c34-4245-a0b0-adf1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d60a2-8c34-4245-a0b0-adf1950d210b",
"value": "https://www.virustotal.com/en/file/1a509c2cc4f993cc44c93e4a6e5cffc7e6211db1f38a2e09a8327a425e9f644b/analysis/1433112877/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d60dc-e568-401e-91ce-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:53:00.000Z",
"modified": "2015-06-02T07:53:00.000Z",
"first_observed": "2015-06-02T07:53:00Z",
"last_observed": "2015-06-02T07:53:00Z",
"number_observed": 1,
"object_refs": [
"url--556d60dc-e568-401e-91ce-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d60dc-e568-401e-91ce-ae06950d210b",
"value": "https://www.dropbox.com/s/u5kdpoqiregzo6m/2015-03-21-payingday-biz.pcap?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d60dc-3724-4f74-88c7-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:53:00.000Z",
"modified": "2015-06-02T07:53:00.000Z",
"first_observed": "2015-06-02T07:53:00Z",
"last_observed": "2015-06-02T07:53:00Z",
"number_observed": 1,
"object_refs": [
"url--556d60dc-3724-4f74-88c7-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d60dc-3724-4f74-88c7-ae06950d210b",
"value": "https://www.dropbox.com/s/h2fvwzu43me3ieo/2015-03-21-payingday-biz-malware-exploits.zip?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d60dc-ef1c-4c28-a40c-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:53:00.000Z",
"modified": "2015-06-02T07:53:00.000Z",
"first_observed": "2015-06-02T07:53:00Z",
"last_observed": "2015-06-02T07:53:00Z",
"number_observed": 1,
"object_refs": [
"url--556d60dc-ef1c-4c28-a40c-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d60dc-ef1c-4c28-a40c-ae06950d210b",
"value": "https://www.virustotal.com/en/file/0b8e15124cb0365e16e837f76a6640fe1417e59d89d95c4a4438caed432dd280/analysis/1433112756/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d60dc-f07c-4baf-8458-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:53:00.000Z",
"modified": "2015-06-02T07:53:00.000Z",
"first_observed": "2015-06-02T07:53:00Z",
"last_observed": "2015-06-02T07:53:00Z",
"number_observed": 1,
"object_refs": [
"url--556d60dc-f07c-4baf-8458-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d60dc-f07c-4baf-8458-ae06950d210b",
"value": "https://www.virustotal.com/en/file/db5cbba38280afd4485def523de91cd324b070485fd28f90c2e69090b6bc7460/analysis/1433112766/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613c-5fdc-4ece-9e13-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:36.000Z",
"modified": "2015-06-02T07:54:36.000Z",
"first_observed": "2015-06-02T07:54:36Z",
"last_observed": "2015-06-02T07:54:36Z",
"number_observed": 1,
"object_refs": [
"url--556d613c-5fdc-4ece-9e13-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613c-5fdc-4ece-9e13-ae06950d210b",
"value": "https://www.dropbox.com/s/wvjq6sy6es1uklq/2015-03-10-payingday-net.pcap?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613d-455c-4da7-9a85-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:37.000Z",
"modified": "2015-06-02T07:54:37.000Z",
"first_observed": "2015-06-02T07:54:37Z",
"last_observed": "2015-06-02T07:54:37Z",
"number_observed": 1,
"object_refs": [
"url--556d613d-455c-4da7-9a85-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613d-455c-4da7-9a85-ae06950d210b",
"value": "https://www.dropbox.com/s/accjal4opyc8hgb/2015-03-10-payingday-net-malware-exploits.zip?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613d-2c98-4193-bc25-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:37.000Z",
"modified": "2015-06-02T07:54:37.000Z",
"first_observed": "2015-06-02T07:54:37Z",
"last_observed": "2015-06-02T07:54:37Z",
"number_observed": 1,
"object_refs": [
"url--556d613d-2c98-4193-bc25-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613d-2c98-4193-bc25-ae06950d210b",
"value": "https://www.virustotal.com/en/file/64913180a734e0127611104941f24cd2e454d80eca0c993a57287687e432bd18/analysis/1433112466/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613d-875c-4bf7-a19f-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:37.000Z",
"modified": "2015-06-02T07:54:37.000Z",
"first_observed": "2015-06-02T07:54:37Z",
"last_observed": "2015-06-02T07:54:37Z",
"number_observed": 1,
"object_refs": [
"url--556d613d-875c-4bf7-a19f-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613d-875c-4bf7-a19f-ae06950d210b",
"value": "https://www.virustotal.com/en/file/461c6f76b9f9a4804558559b0207aef96e0cd6faaaa1aeb51ec6031524809e3d/analysis/1433112475/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613d-c820-45fb-a6b7-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:37.000Z",
"modified": "2015-06-02T07:54:37.000Z",
"first_observed": "2015-06-02T07:54:37Z",
"last_observed": "2015-06-02T07:54:37Z",
"number_observed": 1,
"object_refs": [
"url--556d613d-c820-45fb-a6b7-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613d-c820-45fb-a6b7-ae06950d210b",
"value": "https://www.dropbox.com/s/w4akuoibm8h22nk/2015-03-06-payingdays-me.pcap?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613d-658c-446f-a083-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:37.000Z",
"modified": "2015-06-02T07:54:37.000Z",
"first_observed": "2015-06-02T07:54:37Z",
"last_observed": "2015-06-02T07:54:37Z",
"number_observed": 1,
"object_refs": [
"url--556d613d-658c-446f-a083-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613d-658c-446f-a083-ae06950d210b",
"value": "https://www.dropbox.com/s/qqx4d7k1se6v3fu/2015-03-06-payingdays-me-malware-exploits.zip?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613d-5854-4782-82c7-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:37.000Z",
"modified": "2015-06-02T07:54:37.000Z",
"first_observed": "2015-06-02T07:54:37Z",
"last_observed": "2015-06-02T07:54:37Z",
"number_observed": 1,
"object_refs": [
"url--556d613d-5854-4782-82c7-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613d-5854-4782-82c7-ae06950d210b",
"value": "https://www.virustotal.com/en/file/31a82064ac010cbd7ec75d02a8925df5a3351dea066a973ed480f47f0d843673/analysis/1433112355/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613d-6aa4-4d5b-8be4-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:37.000Z",
"modified": "2015-06-02T07:54:37.000Z",
"first_observed": "2015-06-02T07:54:37Z",
"last_observed": "2015-06-02T07:54:37Z",
"number_observed": 1,
"object_refs": [
"url--556d613d-6aa4-4d5b-8be4-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613d-6aa4-4d5b-8be4-ae06950d210b",
"value": "https://www.virustotal.com/en/file/11d111ea0068865d6b29b0952592dc36a3061878f9bcfa11512c3f7c8a7d8910/analysis/1433112352/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613d-f170-43e7-9080-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:37.000Z",
"modified": "2015-06-02T07:54:37.000Z",
"first_observed": "2015-06-02T07:54:37Z",
"last_observed": "2015-06-02T07:54:37Z",
"number_observed": 1,
"object_refs": [
"url--556d613d-f170-43e7-9080-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613d-f170-43e7-9080-ae06950d210b",
"value": "https://www.dropbox.com/s/ti2i9w95dqm3fj5/2015-03-05-payingdays-net.pcap?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613e-b63c-4623-86d3-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:38.000Z",
"modified": "2015-06-02T07:54:38.000Z",
"first_observed": "2015-06-02T07:54:38Z",
"last_observed": "2015-06-02T07:54:38Z",
"number_observed": 1,
"object_refs": [
"url--556d613e-b63c-4623-86d3-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613e-b63c-4623-86d3-ae06950d210b",
"value": "https://www.dropbox.com/s/xwrxr0kbs05ku3j/2015-03-05-payingdays-net-malware-exploits.zip?dl=0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613e-7534-401b-b2da-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:38.000Z",
"modified": "2015-06-02T07:54:38.000Z",
"first_observed": "2015-06-02T07:54:38Z",
"last_observed": "2015-06-02T07:54:38Z",
"number_observed": 1,
"object_refs": [
"url--556d613e-7534-401b-b2da-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613e-7534-401b-b2da-ae06950d210b",
"value": "https://www.virustotal.com/en/file/c17cc9c8cde83f2e8eca8c150dbb53bf3c21ea2f6f8d52fc3106a0d27ee54387/analysis/1433111134/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613e-56b8-4056-8569-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:38.000Z",
"modified": "2015-06-02T07:54:38.000Z",
"first_observed": "2015-06-02T07:54:38Z",
"last_observed": "2015-06-02T07:54:38Z",
"number_observed": 1,
"object_refs": [
"url--556d613e-56b8-4056-8569-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613e-56b8-4056-8569-ae06950d210b",
"value": "https://www.virustotal.com/en/file/9075693563391ceb6625607066c72c520b8c692fd5381555fadffbe783a672c0/analysis/1433111146/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d613e-cc40-4677-bb57-ae06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:54:38.000Z",
"modified": "2015-06-02T07:54:38.000Z",
"first_observed": "2015-06-02T07:54:38Z",
"last_observed": "2015-06-02T07:54:38Z",
"number_observed": 1,
"object_refs": [
"url--556d613e-cc40-4677-bb57-ae06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--556d613e-cc40-4677-bb57-ae06950d210b",
"value": "https://www.virustotal.com/en/file/1a1354dfa543dc52472656891cd100e61f1a4e3cb1b6f9ed224286372182522c/analysis/1433111177/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61ca-b484-4678-aca0-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.60.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d61ca-1da8-4bea-bf45-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"first_observed": "2015-06-02T07:59:56Z",
"last_observed": "2015-06-02T07:59:56Z",
"number_observed": 1,
"object_refs": [
"domain-name--556d61ca-1da8-4bea-bf45-c95a950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--556d61ca-1da8-4bea-bf45-c95a950d210b",
"value": "ff.9e155ed.25ed.710.9683e.0b.ffe5d93.b6.ze46v5aetp.comparingcup.in"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cb-4d2c-42dd-a3a4-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.221.161.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cb-3374-45a9-89a8-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'filemade.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cb-ebd4-49f6-8842-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.23.6.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cb-c86c-43eb-ba76-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'report.93u79i1793qgm31ws3e.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cb-f65c-4b06-989f-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.242.253.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cb-0180-4492-bfba-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'update2.ott3m4lh7.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cc-58d0-4227-8908-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.60.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d61cc-6e78-4bcc-ace1-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"first_observed": "2015-06-02T07:59:56Z",
"last_observed": "2015-06-02T07:59:56Z",
"number_observed": 1,
"object_refs": [
"domain-name--556d61cc-6e78-4bcc-ace1-c95a950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--556d61cc-6e78-4bcc-ace1-c95a950d210b",
"value": "3db1488.e9fa7.a0.23.d726.4909e.99.494a.4.ccgxn328.callheads.in"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cc-d48c-4365-8bad-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.107.31.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cc-63e8-4c3e-8458-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'azquasoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cc-b598-49bb-97d2-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.60.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d61cc-92c8-4d53-8241-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"first_observed": "2015-06-02T07:59:56Z",
"last_observed": "2015-06-02T07:59:56Z",
"number_observed": 1,
"object_refs": [
"domain-name--556d61cc-92c8-4d53-8241-c95a950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--556d61cc-92c8-4d53-8241-c95a950d210b",
"value": "8c521.8a03680.af2411.c3788c.eb8eba8.c.e5rxa5b3.linesadded.in"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cc-b3ac-471a-a920-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:57:00.000Z",
"modified": "2015-06-02T07:57:00.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.147.242.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cc-f698-4e88-9566-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'judora-ng.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cd-d3ec-4636-8d5c-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:57:01.000Z",
"modified": "2015-06-02T07:57:01.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.195.198.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cd-de60-48cf-85c1-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'tryea.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cd-26a8-4cb3-a5ba-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:57:01.000Z",
"modified": "2015-06-02T07:57:01.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.254.81.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cd-b0b0-4952-a0c2-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'aseanian.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d61cd-3ebc-455e-a535-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"first_observed": "2015-06-02T07:59:56Z",
"last_observed": "2015-06-02T07:59:56Z",
"number_observed": 1,
"object_refs": [
"domain-name--556d61cd-3ebc-455e-a535-c95a950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--556d61cd-3ebc-455e-a535-c95a950d210b",
"value": "a10.04854f.a9d.01d9.74ecbb.fbc.2883.f52.j77ea490.inchstraining.in"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cd-11a0-4b3b-8706-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:57:01.000Z",
"modified": "2015-06-02T07:57:01.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '182.92.74.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61cd-b01c-449c-ba7b-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'geiliyou.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61ce-6a4c-4aef-9e4d-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:57:02.000Z",
"modified": "2015-06-02T07:57:02.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.172.189.238']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--556d61ce-5d28-4d1e-b280-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"first_observed": "2015-06-02T07:59:56Z",
"last_observed": "2015-06-02T07:59:56Z",
"number_observed": 1,
"object_refs": [
"domain-name--556d61ce-5d28-4d1e-b280-c95a950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--556d61ce-5d28-4d1e-b280-c95a950d210b",
"value": "23bc.f1e.8198117.4140.640.e6.1c836.aa5a.y4p52s21bnb.adoptsmaterial.pw"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61ce-0130-4c17-ae26-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:57:02.000Z",
"modified": "2015-06-02T07:57:02.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.34.157.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--556d61ce-e288-47bf-b413-c95a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-02T07:59:56.000Z",
"modified": "2015-06-02T07:59:56.000Z",
"pattern": "[domain-name:value = 'alimco.com.co']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-02T07:59:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink