misp-circl-feed/feeds/circl/stix-2.1/5773b18a-9710-4337-ae4c-4014950d210f.json


{
"type": "bundle",
"id": "bundle--5773b18a-9710-4337-ae4c-4014950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T15:34:41.000Z",
"modified": "2016-06-29T15:34:41.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5773b18a-9710-4337-ae4c-4014950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T15:34:41.000Z",
"modified": "2016-06-29T15:34:41.000Z",
"name": "Malspam 2016-06-29 (campaign subject: 'Financial report')",
"published": "2016-06-30T09:26:47Z",
"object_refs": [
"x-misp-attribute--5773b269-7c34-4ff4-befa-4580950d210f",
"indicator--5773b2a5-83e4-43cb-9e63-49ae950d210f",
"indicator--5773b2a5-8ec4-4d4e-9caf-4e13950d210f",
"indicator--5773b2a6-ae30-47a0-b7a6-4dc2950d210f",
"indicator--5773b2a6-2578-4428-aed5-473e950d210f",
"indicator--5773b2a6-b634-4687-96e3-46b5950d210f",
"indicator--5773b2a6-e06c-4cde-b91d-4b3d950d210f",
"indicator--5773b2a6-c5ec-42d3-879f-4980950d210f",
"indicator--5773b2a7-3adc-4de4-8847-4b38950d210f",
"indicator--5773b2a7-5ae8-4c9a-b19c-4345950d210f",
"indicator--5773b2a7-bf78-4b2d-b477-454b950d210f",
"indicator--5773b2a7-ee7c-4828-9eb0-4f1b950d210f",
"indicator--5773b2a7-aec4-49f3-8bf6-4871950d210f",
"indicator--5773b2a8-d050-4b1c-a5ef-4ebd950d210f",
"indicator--5773b2a8-3a04-49c9-872c-4fe8950d210f",
"indicator--5773b2a8-a3a0-4c0b-bfac-4675950d210f",
"indicator--5773b2a8-26a8-4cc7-b855-4c87950d210f",
"indicator--5773b2a8-61ac-4545-bbf2-40e2950d210f",
"indicator--5773b2a9-83cc-42a7-a476-4c93950d210f",
"indicator--5773b2a9-54a0-4b7e-a721-4e98950d210f",
"indicator--5773b2a9-aee4-40d6-b5e1-43e8950d210f",
"indicator--5773b2a9-5464-4a3d-b998-444d950d210f",
"indicator--5773b2aa-e9f8-4f43-985c-41cc950d210f",
"indicator--5773b2aa-c18c-476e-a96d-4960950d210f",
"indicator--5773b2aa-5c8c-4e29-8d2f-4f54950d210f",
"indicator--5773b2aa-635c-48af-baa0-42f2950d210f",
"indicator--5773b2aa-cc4c-4e0a-86a8-41ab950d210f",
"indicator--5773b2ab-e204-4374-95bd-41e4950d210f",
"indicator--5773b2ab-da7c-44e7-b07b-4f0b950d210f",
"indicator--5773b2ab-4d80-4ce3-8766-4d86950d210f",
"indicator--5773b2ab-b0d0-4e30-a7d7-44de950d210f",
"indicator--5773b2ac-66fc-42cb-bd82-4785950d210f",
"indicator--5773b2ac-1e74-49c0-b2ba-4511950d210f",
"indicator--5773b2ad-1390-4d45-80af-4f4c950d210f",
"indicator--5773b2ad-94a8-4f84-83cd-4f8e950d210f",
"indicator--5773b2ae-e1e4-4e20-9095-40c0950d210f",
"indicator--5773b2ae-22ac-4177-a51d-4989950d210f",
"indicator--5773b2af-1398-4ac0-9c28-4a4c950d210f",
"indicator--5773b2af-2e7c-4b7c-9949-44c2950d210f",
"indicator--5773b2b0-caec-476a-a198-436c950d210f",
"indicator--5773b2b0-b85c-4705-9b3f-456a950d210f",
"indicator--5773b2b1-08d0-47e8-bf70-4acd950d210f",
"indicator--5773b2b1-95d8-4752-a962-43fd950d210f",
"indicator--5773b2b1-2aa0-47eb-968b-48d5950d210f",
"indicator--5773b2b2-9f88-4066-a7db-475e950d210f",
"indicator--5773b2b2-c308-4746-baf7-40a8950d210f",
"indicator--5773b2b3-fd78-4e6e-8879-42cc950d210f",
"indicator--5773b2b3-fa4c-4242-bb16-4590950d210f",
"indicator--5773b2b4-1f74-4d8f-931d-494e950d210f",
"observed-data--5773effe-ad50-4658-8241-40f8950d210f",
"email-message--5773effe-ad50-4658-8241-40f8950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5773b269-7c34-4ff4-befa-4580950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:35:04.000Z",
"modified": "2016-06-29T11:35:04.000Z",
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_type": "user-agent",
"x_misp_value": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a5-83e4-43cb-9e63-49ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:05.000Z",
"modified": "2016-06-29T11:36:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.146.42.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a5-8ec4-4d4e-9caf-4e13950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:05.000Z",
"modified": "2016-06-29T11:36:05.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.82.125.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a6-ae30-47a0-b7a6-4dc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:06.000Z",
"modified": "2016-06-29T11:36:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.119.174.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a6-2578-4428-aed5-473e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:06.000Z",
"modified": "2016-06-29T11:36:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.50.42.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a6-b634-4687-96e3-46b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:06.000Z",
"modified": "2016-06-29T11:36:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.50.44.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a6-e06c-4cde-b91d-4b3d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:06.000Z",
"modified": "2016-06-29T11:36:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.210.101.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a6-c5ec-42d3-879f-4980950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:06.000Z",
"modified": "2016-06-29T11:36:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.210.101.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a7-3adc-4de4-8847-4b38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:07.000Z",
"modified": "2016-06-29T11:36:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.248.213.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a7-5ae8-4c9a-b19c-4345950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:07.000Z",
"modified": "2016-06-29T11:36:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.63.16.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a7-bf78-4b2d-b477-454b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:07.000Z",
"modified": "2016-06-29T11:36:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.21.40.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a7-ee7c-4828-9eb0-4f1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:07.000Z",
"modified": "2016-06-29T11:36:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.166.6.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a7-aec4-49f3-8bf6-4871950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:07.000Z",
"modified": "2016-06-29T11:36:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '205.236.147.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a8-d050-4b1c-a5ef-4ebd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:08.000Z",
"modified": "2016-06-29T11:36:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a8-3a04-49c9-872c-4fe8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:08.000Z",
"modified": "2016-06-29T11:36:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.196.205.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a8-a3a0-4c0b-bfac-4675950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:08.000Z",
"modified": "2016-06-29T11:36:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.158.72.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a8-26a8-4cc7-b855-4c87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:08.000Z",
"modified": "2016-06-29T11:36:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.239.136.156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a8-61ac-4545-bbf2-40e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:08.000Z",
"modified": "2016-06-29T11:36:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.31.51.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a9-83cc-42a7-a476-4c93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:09.000Z",
"modified": "2016-06-29T11:36:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.19.218.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a9-54a0-4b7e-a721-4e98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:09.000Z",
"modified": "2016-06-29T11:36:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.235.47.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a9-aee4-40d6-b5e1-43e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:09.000Z",
"modified": "2016-06-29T11:36:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.99.205.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2a9-5464-4a3d-b998-444d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:09.000Z",
"modified": "2016-06-29T11:36:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.27.174.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2aa-e9f8-4f43-985c-41cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:10.000Z",
"modified": "2016-06-29T11:36:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2aa-c18c-476e-a96d-4960950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:10.000Z",
"modified": "2016-06-29T11:36:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.140.32.172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2aa-5c8c-4e29-8d2f-4f54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:10.000Z",
"modified": "2016-06-29T11:36:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.197.131.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2aa-635c-48af-baa0-42f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:10.000Z",
"modified": "2016-06-29T11:36:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.235.64.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2aa-cc4c-4e0a-86a8-41ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:10.000Z",
"modified": "2016-06-29T11:36:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.86.120.181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ab-e204-4374-95bd-41e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:11.000Z",
"modified": "2016-06-29T11:36:11.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.42.39.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ab-da7c-44e7-b07b-4f0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:11.000Z",
"modified": "2016-06-29T11:36:11.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.127.185.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ab-4d80-4ce3-8766-4d86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:11.000Z",
"modified": "2016-06-29T11:36:11.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.231.103.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ab-b0d0-4e30-a7d7-44de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:11.000Z",
"modified": "2016-06-29T11:36:11.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.170.90.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ac-66fc-42cb-bd82-4785950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:12.000Z",
"modified": "2016-06-29T11:36:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'arquipiedra.cl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ac-1e74-49c0-b2ba-4511950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:12.000Z",
"modified": "2016-06-29T11:36:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'benelist.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ad-1390-4d45-80af-4f4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:13.000Z",
"modified": "2016-06-29T11:36:13.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'buron.dk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ad-94a8-4f84-83cd-4f8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:13.000Z",
"modified": "2016-06-29T11:36:13.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'centralbs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ae-e1e4-4e20-9095-40c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:14.000Z",
"modified": "2016-06-29T11:36:14.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'centro-odontoiatrico-neuromuscolare.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2ae-22ac-4177-a51d-4989950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:14.000Z",
"modified": "2016-06-29T11:36:14.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'deutsch-krone.privat.t-online.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2af-1398-4ac0-9c28-4a4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:15.000Z",
"modified": "2016-06-29T11:36:15.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'dewaeletransportes.atspace.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2af-2e7c-4b7c-9949-44c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:15.000Z",
"modified": "2016-06-29T11:36:15.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'dragoljub.50webs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b0-caec-476a-a198-436c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:16.000Z",
"modified": "2016-06-29T11:36:16.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'elipse.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b0-b85c-4705-9b3f-456a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:16.000Z",
"modified": "2016-06-29T11:36:16.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'free.co.ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b1-08d0-47e8-bf70-4acd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:17.000Z",
"modified": "2016-06-29T11:36:17.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'geiten.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b1-95d8-4752-a962-43fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:17.000Z",
"modified": "2016-06-29T11:36:17.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'greatlakessawingsolutions.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b1-2aa0-47eb-968b-48d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:17.000Z",
"modified": "2016-06-29T11:36:17.000Z",
"description": "download location",
"pattern": "[url:value = 'http://115.146.42.43/5dtvzet']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b2-9f88-4066-a7db-475e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:18.000Z",
"modified": "2016-06-29T11:36:18.000Z",
"description": "download location",
"pattern": "[url:value = 'http://210.196.205.19/~pvpip/ypznpez0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b2-c308-4746-baf7-40a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:18.000Z",
"modified": "2016-06-29T11:36:18.000Z",
"description": "download location",
"pattern": "[url:value = 'http://65.99.205.183/~studiantec/w29xxnph']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b3-fd78-4e6e-8879-42cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:19.000Z",
"modified": "2016-06-29T11:36:19.000Z",
"description": "download location",
"pattern": "[url:value = 'http://82.140.32.172/~haukebensch/3l6zu4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b3-fa4c-4242-bb16-4590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:19.000Z",
"modified": "2016-06-29T11:36:19.000Z",
"description": "download location",
"pattern": "[url:value = 'http://83.235.64.44/~astr-pap/3h59w9s']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5773b2b4-1f74-4d8f-931d-494e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T11:36:20.000Z",
"modified": "2016-06-29T11:36:20.000Z",
"description": "download location",
"pattern": "[url:value = 'http://arquipiedra.cl/6xp7a8k5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-29T11:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5773effe-ad50-4658-8241-40f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-29T15:57:50.000Z",
"modified": "2016-06-29T15:57:50.000Z",
"first_observed": "2016-06-29T15:57:50Z",
"last_observed": "2016-06-29T15:57:50Z",
"number_observed": 1,
"object_refs": [
"email-message--5773effe-ad50-4658-8241-40f8950d210f"
],
"labels": [
"misp:type=\"email-subject\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5773effe-ad50-4658-8241-40f8950d210f",
"is_multipart": false,
"subject": "Financial report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}