adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59b286e5-9604-4c1c-a51b-423b950d210f.json

1514 lines
No EOL
62 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--59b286e5-9604-4c1c-a51b-423b950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:11:24.000Z",
"modified": "2017-09-08T12:11:24.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59b286e5-9604-4c1c-a51b-423b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:11:24.000Z",
"modified": "2017-09-08T12:11:24.000Z",
"name": "OSINT - Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms",
"published": "2017-09-11T12:05:44Z",
"object_refs": [
"indicator--59b28702-1778-4627-9722-4b49950d210f",
"indicator--59b28702-0bb0-4db6-a142-4b58950d210f",
"indicator--59b28702-3dac-4ad2-b02c-4a4c950d210f",
"indicator--59b28702-41d4-4b35-95e4-4564950d210f",
"observed-data--59b28713-8418-4ce6-82c2-45f3950d210f",
"url--59b28713-8418-4ce6-82c2-45f3950d210f",
"x-misp-attribute--59b2872b-a554-4084-93d6-446e950d210f",
"indicator--59b287b0-87c4-4842-991f-4808950d210f",
"indicator--59b287b0-43ec-4f65-9e3d-42a0950d210f",
"indicator--59b287b0-7248-4106-b838-4abf950d210f",
"indicator--59b287b0-93c0-427a-90b6-46fe950d210f",
"indicator--59b287b0-060c-4687-bf26-4cba950d210f",
"indicator--59b287b0-1654-4c10-a4a6-4ff2950d210f",
"indicator--59b287b0-5130-4017-be0a-4c8a950d210f",
"indicator--59b287b0-cb30-494d-b0f4-4318950d210f",
"indicator--59b287b0-44e8-4377-88dc-4ae1950d210f",
"indicator--59b287b0-2fcc-4bfa-ae81-4b15950d210f",
"indicator--59b287b0-c460-48a3-818b-462d950d210f",
"indicator--59b287b0-6570-40bb-9cb5-4ab4950d210f",
"indicator--59b287b0-7570-4cbd-8774-4ac0950d210f",
"indicator--59b287b0-2364-466d-83c7-4ca7950d210f",
"indicator--59b287b0-6ee8-4d08-8e1e-42c6950d210f",
"indicator--59b287b0-e7bc-4cc2-a703-476e950d210f",
"indicator--59b287b0-3bb4-4b19-b867-4baa950d210f",
"indicator--59b287b0-af50-48e2-bbda-4dc4950d210f",
"indicator--59b287b0-5d84-49b7-a4ed-4bec950d210f",
"indicator--59b287b0-8894-443d-91ec-47d6950d210f",
"indicator--59b287b0-ee3c-4073-a648-416a950d210f",
"indicator--59b287b0-5534-47db-85d0-45fc950d210f",
"indicator--59b287b0-6550-4b4f-bf85-4e04950d210f",
"indicator--59b287b0-9278-4cec-9ac8-4bdb950d210f",
"indicator--59b287b0-9080-4a75-9b5d-4e23950d210f",
"indicator--59b287b0-adc8-49bb-8e86-4561950d210f",
"indicator--59b287b0-683c-4688-b7dc-4113950d210f",
"indicator--59b287b0-a15c-4395-bc71-4377950d210f",
"indicator--59b287b0-7254-4553-bd86-4b2c950d210f",
"indicator--59b287b0-dc50-499a-815e-4bb5950d210f",
"indicator--59b28818-19a0-4f5a-9979-47b0950d210f",
"indicator--59b28818-e66c-4aa3-990a-4389950d210f",
"indicator--59b28819-1b00-4ccb-b033-4b5f950d210f",
"indicator--59b28819-8d0c-419a-846f-45eb950d210f",
"indicator--59b28819-fbf8-4bdd-96bd-46a1950d210f",
"indicator--59b28819-43d4-4cd5-93a3-4434950d210f",
"indicator--59b28819-0938-4edb-8955-40cf950d210f",
"indicator--59b28819-0b44-482b-a3b5-4594950d210f",
"indicator--59b28819-3b4c-4937-8492-43fc950d210f",
"indicator--59b28819-693c-43c6-a8ff-40bc950d210f",
"indicator--59b28819-7f58-46ff-ac78-4e35950d210f",
"indicator--59b28819-b57c-4f41-978a-48d9950d210f",
"indicator--59b28819-df8c-4554-bfff-47a4950d210f",
"indicator--59b28819-7d6c-4404-bf40-4b8f950d210f",
"indicator--59b28819-3ea0-4ef3-8206-41bd950d210f",
"indicator--59b28819-5f48-437c-a7cd-4d76950d210f",
"indicator--59b28819-8be8-4f1e-b1c3-4914950d210f",
"indicator--59b28819-3de0-45de-9811-44e2950d210f",
"indicator--59b28819-1f80-4fc1-bb4a-4065950d210f",
"indicator--59b28819-a748-424a-b213-432d950d210f",
"indicator--59b28819-4acc-47ed-b461-4153950d210f",
"indicator--59b28819-33d8-4321-84d1-4a96950d210f",
"indicator--59b28819-4ec8-42b9-8667-4976950d210f",
"indicator--59b28819-6f0c-4384-8dd5-4335950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"blog-post\"",
"ms-caro-malware:malware-type=\"DDoS\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28702-1778-4627-9722-4b49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:03:14.000Z",
"modified": "2017-09-08T12:03:14.000Z",
"pattern": "[domain-name:value = 'shashenddos.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:03:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28702-0bb0-4db6-a142-4b58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:03:14.000Z",
"modified": "2017-09-08T12:03:14.000Z",
"pattern": "[domain-name:value = '87ddos.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:03:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28702-3dac-4ad2-b02c-4a4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:03:14.000Z",
"modified": "2017-09-08T12:03:14.000Z",
"pattern": "[domain-name:value = 'www.dk.ps88.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:03:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28702-41d4-4b35-95e4-4564950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:03:14.000Z",
"modified": "2017-09-08T12:03:14.000Z",
"pattern": "[domain-name:value = 'www.pc4.tw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:03:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b28713-8418-4ce6-82c2-45f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:04:52.000Z",
"modified": "2017-09-08T12:04:52.000Z",
"first_observed": "2017-09-08T12:04:52Z",
"last_observed": "2017-09-08T12:04:52Z",
"number_observed": 1,
"object_refs": [
"url--59b28713-8418-4ce6-82c2-45f3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b28713-8418-4ce6-82c2-45f3950d210f",
"value": "http://blog.talosintelligence.com/2017/08/chinese-online-ddos-platforms.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59b2872b-a554-4084-93d6-446e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:04:58.000Z",
"modified": "2017-09-08T12:04:58.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "In the past few months, Talos has observed an uptick in the number of Chinese websites offering online DDoS services. Many of these websites have a nearly identical layout and design, offering a simple interface in which the user selects a target\u00e2\u20ac\u2122s host, port, attack method, and duration of attack. In addition, the majority of these sites have been registered within the past six months. However, the websites operate under different group names and have different registrants. In addition, Talos has observed administrators of these websites launching attacks on one another. Talos sought to research the actors responsible for creating these platforms and analyze why they have become more prevalent lately."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-87c4-4842-991f-4808950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.794ddos.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-43ec-4f65-9e3d-42a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.tmddos.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-7248-4106-b838-4abf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.wm-ddos.win']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-93c0-427a-90b6-46fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.tc4.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-060c-4687-bf26-4cba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.hkddos.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-1654-4c10-a4a6-4ff2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.ppddos.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-5130-4017-be0a-4c8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.lnddos.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-cb30-494d-b0f4-4318950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.711ddos.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-44e8-4377-88dc-4ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.830ddos.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-2fcc-4bfa-ae81-4b15950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.bbddos.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-c460-48a3-818b-462d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.941ddos.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-6570-40bb-9cb5-4ab4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.123ddos.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-7570-4cbd-8774-4ac0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.the-dos.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-2364-466d-83c7-4ca7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.etddos.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-6ee8-4d08-8e1e-42c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.jtddos.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-e7bc-4cc2-a703-476e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.ccddos.ml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-3bb4-4b19-b867-4baa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.87ddos.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-af50-48e2-bbda-4dc4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.ddos.cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-5d84-49b7-a4ed-4bec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.hackdd.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-8894-443d-91ec-47d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.shashenddos.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-ee3c-4073-a648-416a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.minddos.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-5534-47db-85d0-45fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.caihongtangddos.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-6550-4b4f-bf85-4e04950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.zfxcb.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-9278-4cec-9ac8-4bdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.91moyu.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-9080-4a75-9b5d-4e23950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.xcbzy.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-adc8-49bb-8e86-4561950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.this-ddos.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-683c-4688-b7dc-4113950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.aaajb.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-a15c-4395-bc71-4377950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.ddos.qv5.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-7254-4553-bd86-4b2c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.tdddos.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b287b0-dc50-499a-815e-4bb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:06:08.000Z",
"modified": "2017-09-08T12:06:08.000Z",
"description": "Online DDoS Websites",
"pattern": "[domain-name:value = 'www.ddos.blue']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:06:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28818-19a0-4f5a-9979-47b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:52.000Z",
"modified": "2017-09-08T12:07:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.54.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28818-e66c-4aa3-990a-4389950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:52.000Z",
"modified": "2017-09-08T12:07:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.40.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-1b00-4ccb-b033-4b5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.159.30.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-8d0c-419a-846f-45eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.161.160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-fbf8-4bdd-96bd-46a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.174.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-43d4-4cd5-93a3-4434950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.128.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-0938-4edb-8955-40cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.217.162.94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-0b44-482b-a3b5-4594950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.130.205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-3b4c-4937-8492-43fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.255.237.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-693c-43c6-a8ff-40bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.202.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-7f58-46ff-ac78-4e35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.177.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-b57c-4f41-978a-48d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.31.86.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-df8c-4554-bfff-47a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.42.212.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-7d6c-4404-bf40-4b8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.4.210.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-3ea0-4ef3-8206-41bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.33.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-5f48-437c-a7cd-4d76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.154.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-8be8-4f1e-b1c3-4914950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.137.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-3de0-45de-9811-44e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.230.235.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-1f80-4fc1-bb4a-4065950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.42.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-a748-424a-b213-432d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.251.93.27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-4acc-47ed-b461-4153950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.62.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-33d8-4321-84d1-4a96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.24.117.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-4ec8-42b9-8667-4976950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.28.4.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b28819-6f0c-4384-8dd5-4335950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T12:07:53.000Z",
"modified": "2017-09-08T12:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.31.76.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T12:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink