diff --git a/packages/tcp/_dev/build/build.yml b/packages/tcp/_dev/build/build.yml
index 08d85edcf9a..d61527283ec 100644
--- a/packages/tcp/_dev/build/build.yml
+++ b/packages/tcp/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@1.12
+ reference: git@8.2
diff --git a/packages/tcp/changelog.yml b/packages/tcp/changelog.yml
index 63219197a35..a8ef73b37e9 100644
--- a/packages/tcp/changelog.yml
+++ b/packages/tcp/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.1.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
- version: "1.0.0"
changes:
- description: Initial Release
diff --git a/packages/tcp/data_stream/generic/sample_event.json b/packages/tcp/data_stream/generic/sample_event.json
index 05932f55da5..15130786260 100644
--- a/packages/tcp/data_stream/generic/sample_event.json
+++ b/packages/tcp/data_stream/generic/sample_event.json
@@ -14,7 +14,7 @@
"type": "logs"
},
"ecs": {
- "version": "1.11.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "b401b753-f7aa-4f45-8204-fb83d47df6cd",
diff --git a/packages/tcp/manifest.yml b/packages/tcp/manifest.yml
index d322bfde0d4..6c3a1f5536b 100644
--- a/packages/tcp/manifest.yml
+++ b/packages/tcp/manifest.yml
@@ -3,7 +3,7 @@ name: tcp
title: Custom TCP Logs
description: Collect raw TCP data from listening TCP port with Elastic Agent.
type: integration
-version: 1.0.0
+version: 1.1.0
release: ga
conditions:
kibana.version: "^7.16.0 || ^8.0.0"
diff --git a/packages/tenable_sc/_dev/build/build.yml b/packages/tenable_sc/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/tenable_sc/_dev/build/build.yml
+++ b/packages/tenable_sc/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml
index a77dbefc95c..16fca591289 100644
--- a/packages/tenable_sc/changelog.yml
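Review bot: The tcp sample_event.json now reports `"version": "8.2.0"` under `ecs`, but no tcp ingest pipeline is touched in this diff to produce that value; the old sample said `1.11.0` while build.yml referenced `git@1.12`, so the sample was already out of step with the dependency before this change. If the generic data stream has a pipeline that sets `ecs.version`, it needs the same bump the tenable_sc and ti_abusech pipelines get here; if it has none, the sample is hand-edited and is better regenerated than patched. Separately, manifest.yml still declares `kibana.version: "^7.16.0 || ^8.0.0"` while the package jumps from ECS 1.12 to 8.2; confirm the 8.2 field definitions install cleanly on a 7.16 stack before shipping 1.1.0.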
+++ b/packages/tenable_sc/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
- version: "1.1.1"
changes:
- description: Add documentation for multi-fields
@@ -9,7 +14,7 @@
- description: Add custom User-Agent. Added configurable response size. Added filter in vulnerability dashboard to filter hostname and vulnerability cve id. Added unique identifier to asset.
type: enhancement
link: https://github.com/elastic/integrations/pull/2718
-- version: "1.0.0"
+- version: 1.0.0
changes:
- description: Promote to GA.
type: enhancement
diff --git a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
index 7b029d1af1d..498c0fd5ba3 100644
--- a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
+++ b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json
@@ -2,7 +2,7 @@
"expected": [
{
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "host",
@@ -78,7 +78,7 @@
},
{
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "host",
@@ -154,7 +154,7 @@
},
{
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "host",
diff --git a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
index 826e04873ab..f3288708844 100644
--- a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
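Review bot: The second tenable_sc changelog hunk rewrites `- version: "1.0.0"` as `- version: 1.0.0`, which has nothing to do with the ECS bump and leaves this one entry unquoted while every other version in the file (`"1.2.0"`, `"1.1.1"`) is quoted. `1.0.0` happens to parse as a string, but the same edit on a two-component value such as `1.0` would silently become a float, so the file-wide quoting convention is worth keeping. Restore `- version: "1.0.0"` and drop that hunk.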
@@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc asset logs
processors:
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- rename:
field: message
target_field: event.original
diff --git a/packages/tenable_sc/data_stream/asset/sample_event.json b/packages/tenable_sc/data_stream/asset/sample_event.json
index 4cb4829f173..1b12f787ed8 100644
--- a/packages/tenable_sc/data_stream/asset/sample_event.json
+++ b/packages/tenable_sc/data_stream/asset/sample_event.json
@@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc",
diff --git a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json
index d733d5111a7..e47cb5d7677 100644
--- a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json
+++ b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json
@@ -3,7 +3,7 @@
{
"@timestamp": "2021-10-27T01:36:39.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"kind": "event",
@@ -90,7 +90,7 @@
{
"@timestamp": "2021-10-27T01:36:39.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"kind": "event",
@@ -230,7 +230,7 @@
{
"@timestamp": "2021-10-27T01:36:39.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"kind": "event",
@@ -353,7 +353,7 @@
{
"@timestamp": "2021-09-27T01:33:53.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"kind": "event",
diff --git a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml
index 685a3a43792..4e6d4aa7d91 100644
--- a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml
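Review bot: The `ecs.version` value set in the asset pipeline is a hard-coded string with nothing tying it to the `git@8.2` reference in `_dev/build/build.yml` that it has to match, and the same pairing recurs in the tenable_sc plugin and vulnerability pipelines and in the ti_abusech malware and malwarebazaar pipelines. A one-line comment above the processor, `# keep in sync with the ecs reference in _dev/build/build.yml`, would make the next ECS bump less error-prone than grepping for the old number. The tenable_sc manifest.yml also carries a comment that the package version must be updated in the pipeline as well; none of the tenable_sc pipeline hunks in this diff change anything but `ecs.version`, so if one of them embeds the package version it was not bumped from 1.1.1 to 1.2.0 — worth confirming. The enclosing processors list continues outside the hunk.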
+++ b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc plugin logs
processors:
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- rename:
field: message
target_field: event.original
diff --git a/packages/tenable_sc/data_stream/plugin/sample_event.json b/packages/tenable_sc/data_stream/plugin/sample_event.json
index 1483c68fadf..88c4340113c 100644
--- a/packages/tenable_sc/data_stream/plugin/sample_event.json
+++ b/packages/tenable_sc/data_stream/plugin/sample_event.json
@@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc",
diff --git a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json
index fc33b8d3408..41c7cc601ac 100644
--- a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json
+++ b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json
@@ -3,7 +3,7 @@
{
"@timestamp": "2021-09-25T16:08:45.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -117,7 +117,7 @@
{
"@timestamp": "2021-09-25T16:08:45.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -234,7 +234,7 @@
{
"@timestamp": "2021-09-25T16:08:45.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -415,7 +415,7 @@
{
"@timestamp": "2021-10-30T16:12:20.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -630,7 +630,7 @@
{
"@timestamp": "2021-10-30T16:12:20.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
diff --git a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
index 4a1361840bd..494f6ca83b2 100644
--- a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc vulnerability logs
processors:
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- rename:
field: message
target_field: event.original
diff --git a/packages/tenable_sc/data_stream/vulnerability/sample_event.json b/packages/tenable_sc/data_stream/vulnerability/sample_event.json
index 3f825fb02f6..c1872bec2de 100644
--- a/packages/tenable_sc/data_stream/vulnerability/sample_event.json
+++ b/packages/tenable_sc/data_stream/vulnerability/sample_event.json
@@ -13,7 +13,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc",
diff --git a/packages/tenable_sc/docs/README.md b/packages/tenable_sc/docs/README.md
index abd96abd35c..23a16d1700d 100644
--- a/packages/tenable_sc/docs/README.md
+++ b/packages/tenable_sc/docs/README.md
@@ -47,7 +47,7 @@ An example event for `asset` looks as following:
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc",
@@ -238,7 +238,7 @@ An example event for `plugin` looks as following:
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc",
@@ -493,7 +493,7 @@ An example event for `vulnerability` looks as following:
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc",
diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml
index f5927fe28db..d480adc168b 100644
--- a/packages/tenable_sc/manifest.yml
+++ b/packages/tenable_sc/manifest.yml
@@ -2,7 +2,7 @@ format_version: 1.0.0
name: tenable_sc
title: Tenable.sc
# The version must be updated in the pipeline as well. Until elastic/kibana#121310 is implemented we will have to manually sync these.
-version: 1.1.1
+version: 1.2.0
license: basic
description: |
Collect logs from Tenable.sc with Elastic Agent.
diff --git a/packages/ti_abusech/_dev/build/build.yml b/packages/ti_abusech/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/ti_abusech/_dev/build/build.yml
+++ b/packages/ti_abusech/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/ti_abusech/changelog.yml b/packages/ti_abusech/changelog.yml
index 92b86153992..4f893f77e70 100644
--- a/packages/ti_abusech/changelog.yml
+++ b/packages/ti_abusech/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
- version: "1.2.3"
changes:
- description: Add mapping for event.created
diff --git a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json
index 00a0ff95305..337c854870a 100644
--- a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json
+++ b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json
@@ -5,7 +5,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -50,7 +50,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -101,7 +101,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -146,7 +146,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -191,7 +191,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -239,7 +239,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -284,7 +284,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -329,7 +329,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -376,7 +376,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -421,7 +421,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -466,7 +466,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -511,7 +511,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -556,7 +556,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -601,7 +601,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -648,7 +648,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -693,7 +693,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -738,7 +738,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -785,7 +785,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -830,7 +830,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -875,7 +875,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -922,7 +922,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -967,7 +967,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -1012,7 +1012,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -1057,7 +1057,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -1102,7 +1102,7 @@
"malware": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
diff --git a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
index 8dcc275ab04..f0843a64975 100644
--- a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
####################
- set:
field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
- set:
field: event.kind
value: enrichment
diff --git a/packages/ti_abusech/data_stream/malware/sample_event.json b/packages/ti_abusech/data_stream/malware/sample_event.json
index 5800635b7cc..7f6f1afed40 100644
--- a/packages/ti_abusech/data_stream/malware/sample_event.json
+++ b/packages/ti_abusech/data_stream/malware/sample_event.json
@@ -16,7 +16,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "0cd371ed-8f03-437b-909d-8daccf9843fc",
diff --git a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json
index 7611c9af8ec..70a0c292c3c 100644
--- a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json
+++ b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json
@@ -15,7 +15,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -77,7 +77,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -139,7 +139,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -207,7 +207,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -269,7 +269,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -332,7 +332,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -394,7 +394,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -460,7 +460,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -531,7 +531,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
diff --git a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml
index 74ba72f1ed5..3b5f298c44e 100644
--- a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
####################
- set:
field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
- set:
field: event.kind
value: enrichment
diff --git a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json
index b17ab22ddcd..b4249697f83 100644
--- a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json
+++ b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json
@@ -27,7 +27,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "0cd371ed-8f03-437b-909d-8daccf9843fc",
diff --git a/packages/ti_abusech/manifest.yml b/packages/ti_abusech/manifest.yml
index 8368a0f80b5..d2f7ec062f9 100644
--- a/packages/ti_abusech/manifest.yml
+++ b/packages/ti_abusech/manifest.yml
@@ -1,6 +1,6 @@
name: ti_abusech
title: AbuseCH
-version: 1.2.3
+version: 1.3.0
release: ga
description: Collect threat intelligence from AbuseCH API with Elastic Agent.
type: integration
diff --git a/packages/ti_anomali/_dev/build/build.yml b/packages/ti_anomali/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/ti_anomali/_dev/build/build.yml
+++ b/packages/ti_anomali/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml
index 4dc68d72e12..86f6baba9a9 100644
--- a/packages/ti_anomali/changelog.yml
+++ b/packages/ti_anomali/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
- version: "1.2.3"
changes:
- description: Add mapping for event.created
diff --git a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json index 7bd5f18eae8..1ad4d4e3895 100644 --- a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json +++ b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json @@ -21,11 +21,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011387759Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:57.431Z\",\"description\":\"TS ID: 55241332361; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--44c85d4f-45ca-4977-b693-c810bbfb7a28\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T02:58:57.431Z\",\"name\":\"mal_url: http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:57.431Z\"}", "type": "indicator" 
@@ -73,11 +72,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011413357Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:57.503Z\",\"description\":\"TS ID: 55241332307; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--f9fe5c81-6869-4247-af81-62b7c8aba209\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-22T02:58:57.503Z\",\"name\":\"mal_url: http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:57.503Z\"}", "type": "indicator" @@ -125,11 +123,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011420050Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:57.57Z\",\"description\":\"TS ID: 55241332302; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--b0e14122-9005-4776-99fc-00872476c6d1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-01-22T02:58:57.57Z\",\"name\":\"mal_url: http://f0387770.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387770.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:57.57Z\"}", "type": "indicator" 
@@ -176,11 +173,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011425089Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:59.366Z\",\"description\":\"TS ID: 55241332312; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime\",\"id\":\"indicator--111ec76f-616d-4aa8-80fd-e11ef0066aba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-50\"],\"modified\":\"2020-01-22T02:58:59.366Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:59.366Z\"}", "type": "indicator" @@ -227,11 +223,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011430028Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:59.457Z\",\"description\":\"TS ID: 55241332386; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--189ce776-6d7e-4e85-9222-de5876644988\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-66\"],\"modified\":\"2020-01-22T02:58:59.457Z\",\"name\":\"mal_url: http://appareluea.com/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://appareluea.com/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:59.457Z\"}", "type": "indicator" 
@@ -279,11 +274,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011434487Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:06.402Z\",\"description\":\"TS ID: 55241332391; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--a4144d34-b86d-475e-8047-eb46b48ee325\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-22T02:59:06.402Z\",\"name\":\"mal_url: http://nkpotu.xyz/Kpot3/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nkpotu.xyz/Kpot3/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:06.402Z\"}", "type": "indicator" @@ -331,11 +325,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011438815Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:19.99Z\",\"description\":\"TS ID: 55241332372; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime\",\"id\":\"indicator--983d9c3d-b7f8-4345-b643-b1d18e6ac6b2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-49\"],\"modified\":\"2020-01-22T02:59:19.99Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:19.99Z\"}", "type": "indicator" 
@@ -376,11 +369,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011443223Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:20.155Z\",\"description\":\"TS ID: 55241332313; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--f9c6386b-dba2-41f9-8160-d307671e5c8e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-01-22T02:59:20.155Z\",\"name\":\"mal_url: http://ntrcgroup.com/nze/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ntrcgroup.com/nze/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:20.155Z\"}", "type": "indicator" @@ -428,11 +420,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011447501Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:25.521Z\",\"description\":\"TS ID: 55241332350; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--98fad53e-5389-47f7-a3ff-44d334af2d6b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T02:59:25.521Z\",\"name\":\"mal_url: http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:25.521Z\"}", "type": "indicator" 
@@ -480,11 +471,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011451559Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:25.626Z\",\"description\":\"TS ID: 55241332291; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--76c01735-fb76-463d-9609-9ea3aedf3f4f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-22T02:59:25.626Z\",\"name\":\"mal_url: http://f0390764.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0390764.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:25.626Z\"}", "type": "indicator" @@ -531,11 +521,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011457780Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:36.461Z\",\"description\":\"TS ID: 55241332343; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--e0a812dc-63c8-4949-b038-2241b2dbfcdc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-01-22T02:59:36.461Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:36.461Z\"}", "type": "indicator" 
@@ -576,11 +565,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011463341Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:41.193Z\",\"description\":\"TS ID: 55241332316; iType: mal_url; State: active; Org: Sksa Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--6f0d8607-21cb-4738-9712-f4fd91a37f7d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-22T02:59:41.193Z\",\"name\":\"mal_url: http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:41.193Z\"}", "type": "indicator" @@ -628,11 +616,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011469042Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:41.228Z\",\"description\":\"TS ID: 55241332284; iType: mal_url; State: active; Org: Oltelecom Jsc; Source: CyberCrime\",\"id\":\"indicator--c649d6d4-87c4-4b76-bfc2-75a509ccb187\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-01-22T02:59:41.228Z\",\"name\":\"mal_url: http://89.160.20.156/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:41.228Z\"}", "type": "indicator" 
@@ -679,11 +666,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011473430Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:51.313Z\",\"description\":\"TS ID: 55241332337; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--408ebd2d-063f-4646-b2e7-c00519869736\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-01-22T02:59:51.313Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:51.313Z\"}", "type": "indicator" @@ -724,11 +710,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011477888Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:51.372Z\",\"description\":\"TS ID: 55241332324; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--e1d215cb-c7a5-40e0-bc53-8f92a2bcaba8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-38\"],\"modified\":\"2020-01-22T02:59:51.372Z\",\"name\":\"mal_ip: 192.168.119.172\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '192.168.119.172']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:51.372Z\"}", "type": "indicator" 
@@ -769,11 +754,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011482216Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:51.442Z\",\"description\":\"TS ID: 55241332296; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--6f3a4a2b-62e3-48ef-94ae-70103f09cf7e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-01-22T02:59:51.442Z\",\"name\":\"mal_url: http://f0389246.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0389246.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:51.442Z\"}", "type": "indicator" @@ -820,11 +804,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011486594Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:01.563Z\",\"description\":\"TS ID: 55241332400; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--213519c9-f511-4188-89c8-159f35f08008\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-66\"],\"modified\":\"2020-01-22T03:00:01.563Z\",\"name\":\"mal_url: http://appareluea.com/server/cp.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://appareluea.com/server/cp.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:01.563Z\"}", "type": "indicator" 
@@ -872,11 +855,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011491003Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:03.138Z\",\"description\":\"TS ID: 55241332396; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--5a563c85-c528-4e33-babe-2dcff34f73c4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-22T03:00:03.138Z\",\"name\":\"mal_url: http://nkpotu.xyz/Kpot2/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nkpotu.xyz/Kpot2/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:03.138Z\"}", "type": "indicator" @@ -924,11 +906,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011495291Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:03.396Z\",\"description\":\"TS ID: 55241332363; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--f3e33aab-e2af-4c15-8cb9-f008a37cf986\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T03:00:03.396Z\",\"name\":\"mal_url: http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:03.396Z\"}", "type": "indicator" 
@@ -976,11 +957,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011499549Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:03.642Z\",\"description\":\"TS ID: 55241332320; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--f03f098d-2fa9-49e1-a7dd-02518aa105fa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-22T03:00:03.642Z\",\"name\":\"mal_url: http://mecharnise.ir/ca4/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mecharnise.ir/ca4/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:03.642Z\"}", "type": "indicator" @@ -1028,11 +1008,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011503907Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:27.534Z\",\"description\":\"TS ID: 55241332367; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--e72e3ba0-7de5-46bb-ab1e-efdf3e0a0b3b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T03:00:27.534Z\",\"name\":\"mal_url: http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:27.534Z\"}", "type": "indicator" 
@@ -1080,11 +1059,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011508305Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:27.591Z\",\"description\":\"TS ID: 55241332317; iType: mal_url; State: active; Org: SoftLayer Technologies; Source: CyberCrime\",\"id\":\"indicator--d6b59b66-5020-4368-85a7-196026856ea9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-78\"],\"modified\":\"2020-01-22T03:00:27.591Z\",\"name\":\"mal_url: http://kironofer.com/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kironofer.com/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:27.591Z\"}", "type": "indicator" @@ -1132,11 +1110,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011512573Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:45.787Z\",\"description\":\"TS ID: 55241332309; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--aff7b07f-acc7-4bec-ab19-1fce972bfd09\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-22T03:00:45.787Z\",\"name\":\"mal_url: http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:45.787Z\"}", "type": "indicator" 
@@ -1184,11 +1161,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011516711Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:45.841Z\",\"description\":\"TS ID: 55241332286; iType: mal_url; State: active; Org: Garanntor-Hosting; Source: CyberCrime\",\"id\":\"indicator--ba71ba3a-1efd-40da-ab0d-f4397d6fc337\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-22T03:00:45.841Z\",\"name\":\"mal_url: http://smartlinktelecom.top/kings/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://smartlinktelecom.top/kings/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:45.841Z\"}", "type": "indicator" @@ -1236,11 +1212,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011520728Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:45.959Z\",\"description\":\"TS ID: 55241332339; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--17777e7f-3e91-4446-a43d-79139de8a948\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-01-22T03:00:45.959Z\",\"name\":\"mal_url: http://carirero.net/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://carirero.net/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:45.959Z\"}", "type": "indicator" 
@@ -1288,11 +1263,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011524996Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:46.025Z\",\"description\":\"TS ID: 55241332319; iType: mal_ip; State: active; Org: SoftLayer Technologies; Source: CyberCrime\",\"id\":\"indicator--f6be1804-cfe4-4f41-9338-2b65f5b1dda1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-30\"],\"modified\":\"2020-01-22T03:00:46.025Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:46.025Z\"}", "type": "indicator" @@ -1333,11 +1307,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011529104Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:57.729Z\",\"description\":\"TS ID: 55241332305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--b4fd8489-9589-4f70-996c-84989245a21b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-43\"],\"modified\":\"2020-01-22T03:00:57.729Z\",\"name\":\"mal_url: http://tuu.nu/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tuu.nu/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:57.729Z\"}", "type": "indicator" 
@@ -1384,11 +1357,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011533392Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:02.696Z\",\"description\":\"TS ID: 55241332346; iType: mal_url; State: active; Org: Ifx Networks Colombia; Source: CyberCrime\",\"id\":\"indicator--bc50c62f-a015-4460-87df-2137626877e3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-36\"],\"modified\":\"2020-01-22T03:01:02.696Z\",\"name\":\"mal_url: http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:02.696Z\"}", "type": "indicator" @@ -1436,11 +1408,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011606119Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:02.807Z\",\"description\":\"TS ID: 55241332323; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--2765af4b-bfb7-4ac8-82d2-ab6ed8a52461\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-01-22T03:01:02.807Z\",\"name\":\"mal_url: http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:02.807Z\"}", "type": "indicator" 
@@ -1488,11 +1459,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011624363Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:24.81Z\",\"description\":\"TS ID: 55241332399; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--9c0e63a1-c32a-470a-bf09-51488e239c63\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-22T03:01:24.81Z\",\"name\":\"mal_url: http://nkpotu.xyz/Kpot1/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nkpotu.xyz/Kpot1/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:24.81Z\"}", "type": "indicator" @@ -1540,11 +1510,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011631636Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:41.158Z\",\"description\":\"TS ID: 55241332328; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--8047678e-20be-4116-9bc4-7bb7c26554e0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-22T03:01:41.158Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:41.158Z\"}", "type": "indicator" 
@@ -1585,11 +1554,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011637628Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:57.189Z\",\"description\":\"TS ID: 55241332377; iType: mal_url; State: active; Org: A100 ROW GmbH; Source: CyberCrime\",\"id\":\"indicator--c57a880c-1ce0-45de-9bab-fb2910454a61\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-01-22T03:01:57.189Z\",\"name\":\"mal_url: http://35.158.92.3/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://35.158.92.3/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:57.189Z\"}", "type": "indicator" @@ -1637,11 +1605,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011643889Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:57.279Z\",\"description\":\"TS ID: 55241332101; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--6056152c-0fa5-4e34-871a-3c8990f1ee46\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-42\"],\"modified\":\"2020-01-22T03:01:57.279Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:57.279Z\"}", "type": "indicator" 
@@ -1682,11 +1649,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011649600Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:02:50.57Z\",\"description\":\"TS ID: 55241332357; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--23215acb-4989-4434-ac6d-8f9367734f0f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T03:02:50.57Z\",\"name\":\"mal_url: http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:02:50.57Z\"}", "type": "indicator" @@ -1734,11 +1700,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011655551Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:02:52.496Z\",\"description\":\"TS ID: 55241332289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--452ece92-9ff2-4f99-8a7f-fd614ebea8cf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-26\"],\"modified\":\"2020-01-22T03:02:52.496Z\",\"name\":\"mal_url: http://f0391600.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391600.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:02:52.496Z\"}", "type": "indicator" 
@@ -1785,11 +1750,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011660951Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:03:42.819Z\",\"description\":\"TS ID: 55241332334; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--10958d74-ec60-41af-a1ab-1613257e670f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-01-22T03:03:42.819Z\",\"name\":\"mal_url: http://extraclick.space/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://extraclick.space/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:03:42.819Z\"}", "type": "indicator" @@ -1837,11 +1801,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011666281Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:03:52.044Z\",\"description\":\"TS ID: 55241332326; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--19556daa-6293-400d-8706-d0baa6b16b7a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-22T03:03:52.044Z\",\"name\":\"mal_url: http://petrogarmani.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://petrogarmani.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:03:52.044Z\"}", "type": "indicator" 
@@ -1889,11 +1852,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011671551Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:04:01.65Z\",\"description\":\"TS ID: 55241332311; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--b09d9be9-6703-4a7d-a066-2baebb6418fc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-22T03:04:01.65Z\",\"name\":\"mal_url: http://worldatdoor.in/mighty/32/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/mighty/32/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:04:01.65Z\"}", "type": "indicator" @@ -1941,11 +1903,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011678825Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:04:32.717Z\",\"description\":\"TS ID: 55241332341; iType: mal_url; State: active; Org: Institute of Philosophy, Russian Academy of Scienc; Source: CyberCrime\",\"id\":\"indicator--43febf7d-4185-4a12-a868-e7be690b14aa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-01-22T03:04:32.717Z\",\"name\":\"mal_url: http://zanlma.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://zanlma.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:04:32.717Z\"}", "type": "indicator" 
@@ -1992,11 +1953,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011685017Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:04:56.858Z\",\"description\":\"TS ID: 55241332303; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--a34728e6-f91d-47e6-a4d8-a69176299e45\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-22T03:04:56.858Z\",\"name\":\"mal_url: http://f0369688.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0369688.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:04:56.858Z\"}", "type": "indicator" @@ -2043,11 +2003,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011691108Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:04:59.245Z\",\"description\":\"TS ID: 55241332380; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ac821704-5eb2-4f8f-a8b6-2a168dbd0e54\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T03:04:59.245Z\",\"name\":\"mal_url: http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:04:59.245Z\"}", "type": "indicator" 
@@ -2095,11 +2054,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011697610Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:00:22.287Z\",\"description\":\"TS ID: 55245868747; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--0d3e1bd8-0f16-4c22-b8a1-663ec255ad79\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-57\"],\"modified\":\"2020-01-23T03:00:22.287Z\",\"name\":\"mal_ip: 192.168.214.199\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '192.168.214.199']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:00:22.287Z\"}", "type": "indicator" @@ -2140,11 +2098,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011703291Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:01:11.329Z\",\"description\":\"TS ID: 55245868770; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime\",\"id\":\"indicator--2cdd130a-c884-402d-b63c-e03f9448f5d9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-01-23T03:01:11.329Z\",\"name\":\"mal_url: http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:01:11.329Z\"}", "type": "indicator" 
@@ -2192,11 +2149,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011708861Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:01:36.682Z\",\"description\":\"TS ID: 55245868769; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--88e98e13-4bfd-4188-941a-f696a7b86b71\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-01-23T03:01:36.682Z\",\"name\":\"mal_url: http://imobiliariatirol.com/gh/panelnew/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://imobiliariatirol.com/gh/panelnew/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:01:36.682Z\"}", "type": "indicator" @@ -2244,11 +2200,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011714171Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:02:15.854Z\",\"description\":\"TS ID: 55245868772; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--27323b7d-85d3-4e89-8249-b7696925a772\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-23T03:02:15.854Z\",\"name\":\"mal_url: http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:02:15.854Z\"}", "type": "indicator" 
@@ -2296,11 +2251,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011719251Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:02:47.364Z\",\"description\":\"TS ID: 55245868766; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--b0639721-de55-48c6-b237-3859d61aecfb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-01-23T03:02:47.364Z\",\"name\":\"mal_url: http://f0392261.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0392261.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:02:47.364Z\"}", "type": "indicator" @@ -2347,11 +2301,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011724160Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:03:05.048Z\",\"description\":\"TS ID: 55245868749; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--677e714d-c237-42a1-b6b7-9145acd13eee\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-01-23T03:03:05.048Z\",\"name\":\"mal_url: http://89.160.20.156/panel/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:03:05.048Z\"}", "type": "indicator" 
@@ -2399,11 +2352,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011728829Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:03:15.734Z\",\"description\":\"TS ID: 55245868767; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--5baa1dbd-d74e-408c-92b5-0a9f97e4b87a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-01-23T03:03:15.734Z\",\"name\":\"mal_url: http://f0387404.xsph.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387404.xsph.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:03:15.734Z\"}", "type": "indicator" @@ -2451,11 +2403,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011733548Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:03:42.599Z\",\"description\":\"TS ID: 55245868768; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--4563241e-5d2f-41a7-adb9-3925a5eeb1b1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-01-23T03:03:42.599Z\",\"name\":\"mal_url: http://a0386457.xsph.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://a0386457.xsph.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:03:42.599Z\"}", "type": "indicator" 
@@ -2503,11 +2454,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011738657Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:04.821Z\",\"description\":\"TS ID: 55250078037; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--70cb5d42-91d3-4efe-8c47-995fc0ac4141\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-24T02:57:04.821Z\",\"name\":\"mal_url: http://defenseisrael.com/dis/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://defenseisrael.com/dis/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:04.821Z\"}", "type": "indicator" @@ -2555,11 +2505,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011742965Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:04.857Z\",\"description\":\"TS ID: 55250078030; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--3aa712bb-b5d4-4632-bf50-48a4aeeaeb6d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-24T02:57:04.857Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:04.857Z\"}", "type": "indicator" 
@@ -2600,11 +2549,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011747183Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:04.883Z\",\"description\":\"TS ID: 55250078019; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--64227c7d-86ea-4146-a868-3decb5aa5f1d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-01-24T02:57:04.883Z\",\"name\":\"mal_url: http://lbfb3f03.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lbfb3f03.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:04.883Z\"}", "type": "indicator" @@ -2651,11 +2599,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.011751762Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:12.997Z\",\"description\":\"TS ID: 55250078035; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--37fcf9a7-1a90-4d81-be0a-e824a4fa938e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-24T02:57:12.997Z\",\"name\":\"mal_url: http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:12.997Z\"}", "type": "indicator" 
@@ -2703,11 +2650,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011756170Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:57:13.025Z\",\"description\":\"TS ID: 55250078008; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--5a38786f-107e-4060-a7c9-ea8a5ded6aac\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-24T02:57:13.025Z\",\"name\":\"mal_url: http://199.192.168.11/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://199.192.168.11/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:13.025Z\"}",
 "type": "indicator"
@@ -2755,11 +2701,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011760308Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:57:32.901Z\",\"description\":\"TS ID: 55250078038; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--3eb79b31-1d6d-438c-a848-24a3407f6e32\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-24T02:57:32.901Z\",\"name\":\"mal_url: http://89.160.20.156/aW8bVds1/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/aW8bVds1/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:32.901Z\"}",
 "type": "indicator"
@@ -2807,11 +2752,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011765037Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:57:32.929Z\",\"description\":\"TS ID: 55250078026; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--a050832c-db6e-49a0-8470-7a3cd8f17178\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-24T02:57:32.929Z\",\"name\":\"mal_url: http://lansome.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lansome.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:32.929Z\"}",
 "type": "indicator"
@@ -2858,11 +2802,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011770347Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:57:49.028Z\",\"description\":\"TS ID: 55250078034; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--e88008f4-76fc-428d-831a-4b389e48b712\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-24T02:57:49.028Z\",\"name\":\"mal_url: http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:49.028Z\"}",
 "type": "indicator"
@@ -2910,11 +2853,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011775847Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:58:03.345Z\",\"description\":\"TS ID: 55250078032; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--dafe91cf-787c-471c-9afe-f7bb20a1b93f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-01-24T02:58:03.345Z\",\"name\":\"mal_url: http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:03.345Z\"}",
 "type": "indicator"
@@ -2962,11 +2904,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011780756Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:58:16.318Z\",\"description\":\"TS ID: 55250078031; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--232bdc34-44cb-4f41-af52-f6f1cd28818e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-24T02:58:16.318Z\",\"name\":\"mal_url: http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:16.318Z\"}",
 "type": "indicator"
@@ -3014,11 +2955,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011785645Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:58:16.358Z\",\"description\":\"TS ID: 55250078027; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--4adabe80-3be4-401a-948a-f9724c872374\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-66\"],\"modified\":\"2020-01-24T02:58:16.358Z\",\"name\":\"mal_url: http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:16.358Z\"}",
 "type": "indicator"
@@ -3066,11 +3006,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011789733Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:58:32.126Z\",\"description\":\"TS ID: 55250078013; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--1d7051c0-a42b-4801-bd7f-f0abf2cc125c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-24T02:58:32.126Z\",\"name\":\"mal_url: http://suspiciousactivity.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://suspiciousactivity.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:32.126Z\"}",
 "type": "indicator"
@@ -3117,11 +3056,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011793790Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:58:37.603Z\",\"description\":\"TS ID: 55250078017; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--fb06856c-8aad-4fae-92fc-b73aae4f6dc7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-24T02:58:37.603Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:37.603Z\"}",
 "type": "indicator"
@@ -3168,11 +3106,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011848363Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:58:37.643Z\",\"description\":\"TS ID: 55250078012; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--33e674f5-a64a-48f4-9d8c-248348356135\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-01-24T02:58:37.643Z\",\"name\":\"mal_url: http://f0387550.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387550.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:37.643Z\"}",
 "type": "indicator"
@@ -3219,11 +3156,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011857239Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:58:39.465Z\",\"description\":\"TS ID: 55250078018; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--6311f539-1d5d-423f-a238-d0c1dc167432\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-24T02:58:39.465Z\",\"name\":\"mal_url: http://lf4e4abf.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lf4e4abf.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:39.465Z\"}",
 "type": "indicator"
@@ -3270,11 +3206,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011937229Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:02.031Z\",\"description\":\"TS ID: 55250078033; iType: mal_ip; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--1c91f219-cfa6-44c7-a5ee-1c760489b43c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-24T02:59:02.031Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:02.031Z\"}",
 "type": "indicator"
@@ -3315,11 +3250,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011949492Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:15.878Z\",\"description\":\"TS ID: 55250078010; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime\",\"id\":\"indicator--c58983e2-18fd-47b8-aab4-6c8a2e2dcb35\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-01-24T02:59:15.878Z\",\"name\":\"mal_url: http://67.215.224.101/a1/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://67.215.224.101/a1/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:15.878Z\"}",
 "type": "indicator"
@@ -3367,11 +3301,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011956095Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:29.155Z\",\"description\":\"TS ID: 55250078000; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--1ab178a8-7991-4879-b9aa-8da49f40e92e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-01-24T02:59:29.155Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:29.155Z\"}",
 "type": "indicator"
@@ -3412,11 +3345,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011961836Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:50.233Z\",\"description\":\"TS ID: 55250078020; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--d5bdff38-6939-4a47-8e11-b910520565c4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-78\"],\"modified\":\"2020-01-24T02:59:50.233Z\",\"name\":\"mal_url: http://l60bdd58.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l60bdd58.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:50.233Z\"}",
 "type": "indicator"
@@ -3463,11 +3395,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011968728Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:50.255Z\",\"description\":\"TS ID: 55250078009; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--1be74977-5aa6-4175-99dd-32b54863a06b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-25\"],\"modified\":\"2020-01-24T02:59:50.255Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.azma/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.azma/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:50.255Z\"}",
 "type": "indicator"
@@ -3515,11 +3446,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011974730Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:52.536Z\",\"description\":\"TS ID: 55250078023; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--eacc25ce-584c-4b40-98ab-7935dabd5cb1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-78\"],\"modified\":\"2020-01-24T02:59:52.536Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:52.536Z\"}",
 "type": "indicator"
@@ -3566,11 +3496,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011980370Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:54.784Z\",\"description\":\"TS ID: 55250078025; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--504f4011-eaea-4921-aad5-f102bef7c798\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-01-24T02:59:54.784Z\",\"name\":\"mal_url: http://trotdeiman.ga/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trotdeiman.ga/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:54.784Z\"}",
 "type": "indicator"
@@ -3617,11 +3546,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011986111Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:54.815Z\",\"description\":\"TS ID: 55250078014; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--e3ffb953-6c59-461a-8242-0d26c2b5c358\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-24T02:59:54.815Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:54.815Z\"}",
 "type": "indicator"
@@ -3662,11 +3590,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011991511Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:01.726Z\",\"description\":\"TS ID: 55250078036; iType: mal_ip; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--3a47ad46-930d-4ced-b0e7-dc9d0776153e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-24T03:00:01.726Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:01.726Z\"}",
 "type": "indicator"
@@ -3707,11 +3634,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.011997442Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:01.762Z\",\"description\":\"TS ID: 55250078011; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--0e10924c-745c-4a58-8e27-ab3a6bacd666\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-01-24T03:00:01.762Z\",\"name\":\"mal_url: http://tavim.org/includes/firmino/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tavim.org/includes/firmino/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:01.762Z\"}",
 "type": "indicator"
@@ -3759,11 +3685,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.012002933Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:10.928Z\",\"description\":\"TS ID: 55250078015; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--c3fb816a-cc3b-4442-be4d-d62113ae5168\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-24T03:00:10.928Z\",\"name\":\"mal_url: http://onlinesecuritycenter.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://onlinesecuritycenter.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:10.928Z\"}",
 "type": "indicator"
@@ -3810,11 +3735,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.012008483Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:20.166Z\",\"description\":\"TS ID: 55250078029; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--9159e46d-f3a4-464b-ac68-8beaf87e1a8f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-24T03:00:20.166Z\",\"name\":\"mal_url: http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:20.166Z\"}",
 "type": "indicator"
@@ -3862,11 +3786,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.012014224Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:24.048Z\",\"description\":\"TS ID: 55250078016; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--fefa8e76-ae0f-41ab-84e7-ea43ab055573\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-24T03:00:24.048Z\",\"name\":\"mal_url: http://jumbajumbadun.fun/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jumbajumbadun.fun/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:24.048Z\"}",
 "type": "indicator"
@@ -3913,11 +3836,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.012020235Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:55.816Z\",\"description\":\"TS ID: 55250078024; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--6a76fa89-4d5f-40d0-9b03-671bdb2d5b4b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-01-24T03:00:55.816Z\",\"name\":\"mal_url: http://tavim.org/includes/salah/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tavim.org/includes/salah/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:55.816Z\"}",
 "type": "indicator"
@@ -3965,11 +3887,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.012026086Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:01:10.501Z\",\"description\":\"TS ID: 55250078022; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--21055dfd-d0cb-42ec-93bd-ffaeadd11d80\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-01-24T03:01:10.501Z\",\"name\":\"mal_url: http://l0c23205.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l0c23205.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:01:10.501Z\"}",
 "type": "indicator"
@@ -4016,11 +3937,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.012031787Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:01:10.518Z\",\"description\":\"TS ID: 55250078021; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--7471a595-e8b0-4c41-be4c-0a3e55675630\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-24T03:01:10.518Z\",\"name\":\"mal_url: http://l535e9e5.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l535e9e5.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:01:10.518Z\"}",
 "type": "indicator"
@@ -4067,11 +3987,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.012041154Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:01:14.843Z\",\"description\":\"TS ID: 55250078007; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--ead1e7e5-fdb3-47c2-9476-aa82741c038e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-24T03:01:14.843Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:01:14.843Z\"}",
 "type": "indicator"
@@ -4112,11 +4031,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.012046584Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:12.699Z\",\"description\":\"TS ID: 55253484365; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime\",\"id\":\"indicator--b0aee6bf-32f4-4f65-8de6-f65e04e92b15\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-25T02:57:12.699Z\",\"name\":\"mal_url: http://89.160.20.156/northon/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/northon/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:12.699Z\"}",
 "type": "indicator"
@@ -4163,11 +4081,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013827874Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:28.034Z\",\"description\":\"TS ID: 55253484350; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--54afbceb-72f3-484e-aee4-904f77beeff6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-25T02:57:28.034Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:28.034Z\"}",
 "type": "indicator"
@@ -4214,11 +4131,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013841891Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:38.187Z\",\"description\":\"TS ID: 55253484356; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--da030e10-af9f-462d-bda8-33abb223e950\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:57:38.187Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/scan/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/scan/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:38.187Z\"}",
 "type": "indicator"
@@ -4266,11 +4182,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013847982Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:38.214Z\",\"description\":\"TS ID: 55253484343; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--d38e051a-bc5b-4723-884a-65e017d98299\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-01-25T02:57:38.214Z\",\"name\":\"mal_url: http://f0391587.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391587.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:38.214Z\"}",
 "type": "indicator"
@@ -4317,11 +4232,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013854224Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:47.281Z\",\"description\":\"TS ID: 55253484367; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime\",\"id\":\"indicator--46491826-6ba1-4217-a35e-1eb0081a9e6a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-25T02:57:47.281Z\",\"name\":\"mal_url: http://89.160.20.156:8080/northon/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156:8080/northon/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:47.281Z\"}",
 "type": "indicator"
@@ -4369,11 +4283,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013859985Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:51.296Z\",\"description\":\"TS ID: 55253484342; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--b9715fd5-b89a-4859-b19f-55e052709227\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-01-25T02:57:51.296Z\",\"name\":\"mal_url: http://f0393086.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0393086.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:51.296Z\"}",
 "type": "indicator"
@@ -4420,11 +4333,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013865355Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:56.007Z\",\"description\":\"TS ID: 55253484363; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--e3177515-f481-46c8-bad8-582ba0858ef3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-25T02:57:56.007Z\",\"name\":\"mal_url: http://insuncos.com/files1/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://insuncos.com/files1/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:56.007Z\"}",
 "type": "indicator"
@@ -4472,11 +4384,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013869653Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:56.044Z\",\"description\":\"TS ID: 55253484339; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime\",\"id\":\"indicator--33cdeaeb-5201-4fbb-b9ae-9c23377e7533\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:57:56.044Z\",\"name\":\"mal_url: http://tg-h.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tg-h.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:56.044Z\"}",
 "type": "indicator"
@@ -4523,11 +4434,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013874011Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:58:11.038Z\",\"description\":\"TS ID: 55253484351; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--2baaa5f0-c2f6-4bd1-b59d-3a75931da735\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-25T02:58:11.038Z\",\"name\":\"mal_url: http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:11.038Z\"}",
 "type": "indicator"
@@ -4575,11 +4485,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.013878389Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:58:20.42Z\",\"description\":\"TS ID: 55253484366; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime\",\"id\":\"indicator--f1bdef49-666f-46b5-a323-efa1f1446b62\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-01-25T02:58:20.42Z\",\"name\":\"mal_url: http://89.160.20.156/northon/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/northon/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:20.42Z\"}",
 "type": "indicator"
@@ -4626,11 +4535,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013882848Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:58:20.448Z\",\"description\":\"TS ID: 55253484354; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--a173f4b1-67ce-44f8-a6d0-bd8a24e8c593\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-25T02:58:20.448Z\",\"name\":\"mal_url: http://topik07.mcdir.ru/papka/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://topik07.mcdir.ru/papka/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:20.448Z\"}", "type": "indicator" @@ -4678,11 +4586,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013887266Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:58:33.189Z\",\"description\":\"TS ID: 55253484362; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--b53dded1-d293-4cd1-9e63-b6e0cbd850f0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-25T02:58:33.189Z\",\"name\":\"mal_url: http://insuncos.com/files2/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://insuncos.com/files2/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:33.189Z\"}", "type": "indicator" 
@@ -4730,11 +4637,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013891884Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:58:49.056Z\",\"description\":\"TS ID: 55253484364; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime\",\"id\":\"indicator--2b30f8fe-13e8-4a7d-8eba-3e59c288bef7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-01-25T02:58:49.056Z\",\"name\":\"mal_url: http://89.160.20.156/kaspersky/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/kaspersky/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:49.056Z\"}", "type": "indicator" @@ -4781,11 +4687,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013895862Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:58:59.472Z\",\"description\":\"TS ID: 55253484357; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--f502199a-17a4-404b-a114-fb5eda28c32c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:58:59.472Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/mh/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/mh/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:59.472Z\"}", "type": "indicator" 
@@ -4833,11 +4738,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013899719Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:59:27.07Z\",\"description\":\"TS ID: 55253484359; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--af7422eb-5d8e-4878-bdd1-395313434dae\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:59:27.07Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/ch/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/ch/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:27.07Z\"}", "type": "indicator" @@ -4885,11 +4789,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013903426Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:59:28.967Z\",\"description\":\"TS ID: 55253484358; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--71b36c05-86dd-4685-81c0-5a99e2e14c23\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:59:28.967Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/dar/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/dar/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:28.967Z\"}", "type": "indicator" 
@@ -4937,11 +4840,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013907925Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:59:37.661Z\",\"description\":\"TS ID: 55253484352; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--9d948509-dfb4-45b6-b8bc-780df88a213f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-25T02:59:37.661Z\",\"name\":\"mal_url: http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:37.661Z\"}", "type": "indicator" @@ -4989,11 +4891,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013911611Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:59:37.692Z\",\"description\":\"TS ID: 55253484224; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--9f613f8e-2040-4eee-8044-044023a8093e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-01-25T02:59:37.692Z\",\"name\":\"mal_ip: 192.168.118.56\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '192.168.118.56']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:37.692Z\"}", "type": "indicator" 
@@ -5034,11 +4935,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013915479Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:59:54.296Z\",\"description\":\"TS ID: 55253484361; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--518c3959-6c26-413f-9a5f-c8f76d86185a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-25T02:59:54.296Z\",\"name\":\"mal_url: http://insuncos.com/files3/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://insuncos.com/files3/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:54.296Z\"}", "type": "indicator" @@ -5086,11 +4986,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013919316Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T02:59:57.748Z\",\"description\":\"TS ID: 55253484347; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--625b94ec-2304-4502-a2eb-59d52cdb9c1f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-01-25T02:59:57.748Z\",\"name\":\"mal_url: http://t95212tt.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://t95212tt.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:57.748Z\"}", "type": "indicator" 
@@ -5137,11 +5036,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013923183Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T03:00:22.168Z\",\"description\":\"TS ID: 55253484349; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--c8f76b97-051f-4fab-b57f-a57f37480aa0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-25T03:00:22.168Z\",\"name\":\"mal_url: http://kiototan.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kiototan.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:00:22.168Z\"}", "type": "indicator" @@ -5188,11 +5086,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013926930Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T03:00:27.279Z\",\"description\":\"TS ID: 55253484353; iType: mal_ip; State: active; Org: Com Telecom; Source: CyberCrime\",\"id\":\"indicator--7abc3f41-e952-481f-8bf7-7b52af05451f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-01-25T03:00:27.279Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:00:27.279Z\"}", "type": "indicator" 
@@ -5233,11 +5130,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013930657Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T03:00:29.248Z\",\"description\":\"TS ID: 55253484340; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--72334129-8d1c-4cac-bde6-2d5d6316e266\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-25T03:00:29.248Z\",\"name\":\"mal_url: http://newfoundfriend.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://newfoundfriend.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:00:29.248Z\"}", "type": "indicator" @@ -5284,11 +5180,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013934504Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T03:01:03.628Z\",\"description\":\"TS ID: 55253484360; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--a3f8f1e3-77c5-442d-a918-5d3d800a8357\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T03:01:03.628Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/bi/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/bi/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:01:03.628Z\"}", "type": "indicator" 
@@ -5336,11 +5231,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013938332Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-25T03:01:03.65Z\",\"description\":\"TS ID: 55253484355; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--49bac194-cefe-4c31-81eb-cc81a3a3bb26\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T03:01:03.65Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/vic/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/vic/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:01:03.65Z\"}", "type": "indicator" @@ -5388,11 +5282,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013942049Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:54:41.651Z\",\"description\":\"TS ID: 55256890160; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--ec5f9f49-249b-4fc4-bb91-849c892c7453\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:54:41.651Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:54:41.651Z\"}", "type": "indicator" 
@@ -5439,11 +5332,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013946246Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:54:41.675Z\",\"description\":\"TS ID: 55256890149; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--3e082be1-f6be-45f6-811b-5e63e2a596c5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-26T02:54:41.675Z\",\"name\":\"mal_url: http://privatepp.club/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://privatepp.club/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:54:41.675Z\"}", "type": "indicator" @@ -5490,11 +5382,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013950094Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:54:41.705Z\",\"description\":\"TS ID: 55256890147; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--95774d83-e0e1-45e4-ab1c-1bb27588fa92\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-26T02:54:41.705Z\",\"name\":\"mal_url: http://109.94.208.144/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://109.94.208.144/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:54:41.705Z\"}", "type": "indicator" 
@@ -5541,11 +5432,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013954131Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:15.583Z\",\"description\":\"TS ID: 55256890123; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--0149e0f7-629c-41c5-a1e7-144b3c22d362\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-32\"],\"modified\":\"2020-01-26T02:55:15.583Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:15.583Z\"}", "type": "indicator" @@ -5593,11 +5483,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013958259Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:15.785Z\",\"description\":\"TS ID: 55256890140; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime\",\"id\":\"indicator--751f6e49-92d5-4ff4-9245-870a49dce478\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:55:15.785Z\",\"name\":\"mal_url: http://molmarsl.com/leks/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://molmarsl.com/leks/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:15.785Z\"}", "type": "indicator" 
@@ -5645,11 +5534,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013962086Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:22.112Z\",\"description\":\"TS ID: 55256890166; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--e0bdcebe-2f97-4f8f-ad51-0b0c06b5071c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:55:22.112Z\",\"name\":\"mal_url: http://pecunia110011.at/iteat/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pecunia110011.at/iteat/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:22.112Z\"}", "type": "indicator" @@ -5696,11 +5584,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013965943Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:31.348Z\",\"description\":\"TS ID: 55256890144; iType: mal_url; State: active; Org: Telecommunication Systems, LLC; Source: CyberCrime\",\"id\":\"indicator--82f02b81-cfae-4bee-b85d-daf900c93936\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-01-26T02:55:31.348Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:31.348Z\"}", "type": "indicator" 
@@ -5747,11 +5634,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013969871Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:32.119Z\",\"description\":\"TS ID: 55256890158; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--1e540e5a-6fa3-4758-ab61-0d7692fb3d96\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-26T02:55:32.119Z\",\"name\":\"mal_url: http://jor1.berbagsansa.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jor1.berbagsansa.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:32.119Z\"}", "type": "indicator" @@ -5798,11 +5684,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013973738Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.623Z\",\"description\":\"TS ID: 55256890152; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--cbfc3b5d-645b-4114-ab89-7ab5b745d230\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-48\"],\"modified\":\"2020-01-26T02:55:33.623Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.623Z\"}", "type": "indicator" 
@@ -5849,11 +5734,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013977505Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.646Z\",\"description\":\"TS ID: 55256890143; iType: mal_url; State: active; Org: Offshore Racks S.A; Source: CyberCrime\",\"id\":\"indicator--f4cf51da-17db-4d9b-bb65-efeb1373f01b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-21\"],\"modified\":\"2020-01-26T02:55:33.646Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.646Z\"}", "type": "indicator" @@ -5900,11 +5784,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013981282Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.681Z\",\"description\":\"TS ID: 55256890162; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--6e4e6382-002d-473a-a635-cc00d4917353\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-26T02:55:33.681Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.681Z\"}", "type": "indicator" 
@@ -5951,11 +5834,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013985370Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.738Z\",\"description\":\"TS ID: 55256890138; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--33552aa0-5a5a-47a6-b529-a810dcf8c9af\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-28\"],\"modified\":\"2020-01-26T02:55:33.738Z\",\"name\":\"mal_url: http://aboutworld.info/manage/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aboutworld.info/manage/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.738Z\"}", "type": "indicator" @@ -6003,11 +5885,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.013989207Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.959Z\",\"description\":\"TS ID: 55256890146; iType: mal_url; State: active; Org: Dzinet Ltd.; Source: CyberCrime\",\"id\":\"indicator--cd8459e5-367f-46b2-91e7-9893c766091a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-26T02:55:33.959Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.959Z\"}", "type": "indicator" 
@@ -6054,11 +5935,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014029472Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.984Z\",\"description\":\"TS ID: 55256890128; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--274a9145-93f7-4146-a879-68fce2fc1188\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-26T02:55:33.984Z\",\"name\":\"mal_url: http://10121.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://10121.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.984Z\"}", "type": "indicator" @@ -6105,11 +5985,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014039441Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:34.637Z\",\"description\":\"TS ID: 55256890132; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--ea0abbe1-3033-4549-8ba0-626f43807986\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-26T02:55:34.637Z\",\"name\":\"mal_url: http://1926.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://1926.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:34.637Z\"}", "type": "indicator" 
@@ -6156,11 +6035,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014044581Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:44.765Z\",\"description\":\"TS ID: 55256890120; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--c7c3a0d7-fccd-4bc0-9011-a6c91f967402\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-26T02:55:44.765Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:44.765Z\"}", "type": "indicator" @@ -6201,11 +6079,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014048729Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:48.315Z\",\"description\":\"TS ID: 55256890150; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--383708ec-c15c-400a-94fc-40d6ac5ab8e3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:55:48.315Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:48.315Z\"}", "type": "indicator" 
@@ -6246,11 +6123,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014053027Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:48.35Z\",\"description\":\"TS ID: 55256890136; iType: mal_url; State: active; Org: GoDaddy.com, LLC; Source: CyberCrime\",\"id\":\"indicator--14c3d4da-f364-4af0-96ba-ce8959da560b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-26T02:55:48.35Z\",\"name\":\"mal_url: http://185-24-53-218.com/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://185-24-53-218.com/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:48.35Z\"}", "type": "indicator" @@ -6297,11 +6173,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014056974Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:58.711Z\",\"description\":\"TS ID: 55256890133; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--64655563-a4ad-4097-8cda-68c7bcc461f4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:55:58.711Z\",\"name\":\"mal_url: http://1410.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://1410.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:58.711Z\"}", "type": "indicator" 
@@ -6348,11 +6223,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014062154Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:23.739Z\",\"description\":\"TS ID: 55256890139; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime\",\"id\":\"indicator--5ab7883f-17c2-4cc7-b854-33f8d4bc6b1e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-01-26T02:56:23.739Z\",\"name\":\"mal_url: http://nortonlilly.info/geli/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/geli/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:23.739Z\"}", "type": "indicator" @@ -6400,11 +6274,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014068295Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:23.79Z\",\"description\":\"TS ID: 55256890131; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--3417c349-153d-4002-92dd-1093893f3180\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-26T02:56:23.79Z\",\"name\":\"mal_url: http://2208.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://2208.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:23.79Z\"}", "type": "indicator" 
@@ -6451,11 +6324,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014073755Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:23.857Z\",\"description\":\"TS ID: 55256890126; iType: mal_ip; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--00ae9f9a-03ce-415c-bb7a-49b6c486ac5d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-01-26T02:56:23.857Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:23.857Z\"}", "type": "indicator" @@ -6496,11 +6368,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014077863Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:29.981Z\",\"description\":\"TS ID: 55256890129; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--dba2c4a2-6ad5-455c-b14a-b437d32ef6a3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:56:29.981Z\",\"name\":\"mal_url: http://1012.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://1012.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:29.981Z\"}", "type": "indicator" 
@@ -6547,11 +6418,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014081861Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:32.609Z\",\"description\":\"TS ID: 55256890141; iType: mal_url; State: active; Org: H4Y Technologies LLC; Source: CyberCrime\",\"id\":\"indicator--5049f714-5462-4f8d-8b13-d95024d477ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-26T02:56:32.609Z\",\"name\":\"mal_url: http://coupondemo.dynamicinnovation.net/ren/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://coupondemo.dynamicinnovation.net/ren/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:32.609Z\"}", "type": "indicator" @@ -6599,11 +6469,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014085678Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:33.504Z\",\"description\":\"TS ID: 55256890156; iType: mal_url; State: active; Org: OVH SAS; Source: CyberCrime\",\"id\":\"indicator--b476b4e0-387e-4cc6-8b93-437e05c9099c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-26T02:56:33.504Z\",\"name\":\"mal_url: http://51.38.140.2/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://51.38.140.2/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:33.504Z\"}", "type": "indicator" 
@@ -6650,11 +6519,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014089545Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:37.688Z\",\"description\":\"TS ID: 55256890163; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime\",\"id\":\"indicator--27e994c3-5ee2-4f8b-9fc0-30ca4fc226ab\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-26T02:56:37.688Z\",\"name\":\"mal_url: http://baxarex228.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://baxarex228.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:37.688Z\"}", "type": "indicator" @@ -6701,11 +6569,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014093623Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:40.17Z\",\"description\":\"TS ID: 55256890124; iType: mal_ip; State: active; Org: Global Data Networks LLC; Source: CyberCrime\",\"id\":\"indicator--67020df4-8210-4e8f-afe0-4d44ccd8800d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-01-26T02:56:40.17Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:40.17Z\"}", "type": "indicator" 
@@ -6746,11 +6613,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014097400Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:49.862Z\",\"description\":\"TS ID: 55256890165; iType: mal_ip; State: active; Org: Tencent Building, Kejizhongyi Avenue; Source: CyberCrime\",\"id\":\"indicator--f57e1196-0c96-4988-89f9-0b9d7301b524\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-26T02:56:49.862Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:49.862Z\"}", "type": "indicator" @@ -6791,11 +6657,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014101167Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:49.9Z\",\"description\":\"TS ID: 55256890154; iType: mal_ip; State: active; Org: OVH SAS; Source: CyberCrime\",\"id\":\"indicator--9797500e-6f8d-444c-bc86-e8e4581de7ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-01-26T02:56:49.9Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:49.9Z\"}", "type": "indicator" 
@@ -6836,11 +6701,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014104994Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:49.93Z\",\"description\":\"TS ID: 55256890130; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--8fb33d6a-4ed9-4c5a-9a8e-d7fc7e77b9d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-01-26T02:56:49.93Z\",\"name\":\"mal_url: http://0409.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://0409.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:49.93Z\"}", "type": "indicator" @@ -6887,11 +6751,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014108901Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:03.544Z\",\"description\":\"TS ID: 55256890157; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--96012440-e95d-46f0-9b70-3f495f4bab32\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-26T02:57:03.544Z\",\"name\":\"mal_url: http://jor1.mirtakala.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jor1.mirtakala.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:03.544Z\"}", "type": "indicator" 
@@ -6938,11 +6801,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014112839Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:10.525Z\",\"description\":\"TS ID: 55256890151; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--707777c2-d621-4fc8-a44b-6ee28a712ff6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:57:10.525Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:10.525Z\"}", "type": "indicator" @@ -6989,11 +6851,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014116576Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:10.571Z\",\"description\":\"TS ID: 55256890135; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime\",\"id\":\"indicator--275f3354-1d9c-4167-9f1a-abb06bb0f138\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-01-26T02:57:10.571Z\",\"name\":\"mal_url: http://pnumbrero3.ru/soft/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pnumbrero3.ru/soft/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:10.571Z\"}", "type": "indicator" 
@@ -7041,11 +6902,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014120273Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:14.057Z\",\"description\":\"TS ID: 55256890127; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--b449e457-5327-40a2-8bda-0167c219490c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-26T02:57:14.057Z\",\"name\":\"mal_url: http://10122.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://10122.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:14.057Z\"}", "type": "indicator" @@ -7092,11 +6952,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014160879Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:26.003Z\",\"description\":\"TS ID: 55256890125; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--c8559f01-42c4-42f1-8464-e2e2e2af84d0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:57:26.003Z\",\"name\":\"mal_url: http://10123.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://10123.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:26.003Z\"}", "type": "indicator" 
@@ -7143,11 +7002,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014166940Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:30.579Z\",\"description\":\"TS ID: 55256890134; iType: mal_url; State: active; Org: Reg.Ru Hosting; Source: CyberCrime\",\"id\":\"indicator--5898c646-c44b-4365-9d82-77bb1705b6de\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-26T02:57:30.579Z\",\"name\":\"mal_url: http://u0929560.cp.regruhosting.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://u0929560.cp.regruhosting.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:30.579Z\"}", "type": "indicator" @@ -7195,11 +7053,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014171759Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:54:45.711Z\",\"description\":\"TS ID: 55259870663; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--f5e450ee-d6c5-4a92-bfb4-4f8025b8c7e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:54:45.711Z\",\"name\":\"mal_url: http://turames3.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turames3.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:54:45.711Z\"}", "type": "indicator" 
@@ -7246,11 +7103,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014175967Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:54:59.928Z\",\"description\":\"TS ID: 55259870666; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--05b6bf66-2f31-4640-9ecd-9f8a3408d594\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:54:59.928Z\",\"name\":\"mal_url: http://turames.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turames.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:54:59.928Z\"}", "type": "indicator" @@ -7297,11 +7153,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014180065Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:12.572Z\",\"description\":\"TS ID: 55259870784; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ff7fb9bd-e816-4a76-ae5c-72c22980c722\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:12.572Z\",\"name\":\"mal_url: http://bumaga5.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bumaga5.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:12.572Z\"}", "type": "indicator" 
@@ -7348,11 +7203,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014184042Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:14.232Z\",\"description\":\"TS ID: 55259870699; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--b0a1e3ec-d523-4e98-90d6-8ad3daa321d3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:14.232Z\",\"name\":\"mal_url: http://mogute.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mogute.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:14.232Z\"}", "type": "indicator" @@ -7399,11 +7253,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014187869Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:14.255Z\",\"description\":\"TS ID: 55259870694; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--92f0ba43-ec1f-4a37-b933-33ddd3da7e2f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:14.255Z\",\"name\":\"mal_url: http://moguto.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://moguto.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:14.255Z\"}", "type": "indicator" 
@@ -7450,11 +7303,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014191817Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:30.174Z\",\"description\":\"TS ID: 55259870793; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ea0af135-c3c0-4e4e-96d9-bdf1ebb9699e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:30.174Z\",\"name\":\"mal_url: http://bumaga1.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bumaga1.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:30.174Z\"}", "type": "indicator" @@ -7501,11 +7353,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014195684Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:30.287Z\",\"description\":\"TS ID: 55259870765; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--0de60f9b-7383-4c60-9caf-c578c3682487\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-01-27T02:55:30.287Z\",\"name\":\"mal_url: http://dufre1in.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufre1in.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:30.287Z\"}", "type": "indicator" 
@@ -7552,11 +7403,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014199501Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:30.319Z\",\"description\":\"TS ID: 55259870697; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--e8d57d94-82ce-4ce3-a983-d6928172d795\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:55:30.319Z\",\"name\":\"mal_url: http://moguti.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://moguti.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:30.319Z\"}", "type": "indicator" @@ -7603,11 +7453,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014203258Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:30.343Z\",\"description\":\"TS ID: 55259870654; iType: mal_url; State: active; Org: Lir Ukraine LLC; Source: CyberCrime\",\"id\":\"indicator--4b567c10-4d32-40e4-87fd-b4654de5bf6b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-27T02:55:30.343Z\",\"name\":\"mal_url: http://stcubegames.netxi.in/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://stcubegames.netxi.in/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:30.343Z\"}", "type": "indicator" 
@@ -7655,11 +7504,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014207156Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:34.56Z\",\"description\":\"TS ID: 55259870763; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ab82b31f-02c9-4d98-b49f-21ab18a48b1b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-27T02:55:34.56Z\",\"name\":\"mal_url: http://dufre3.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufre3.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:34.56Z\"}", "type": "indicator" @@ -7706,11 +7554,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014210933Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:34.609Z\",\"description\":\"TS ID: 55259870730; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--47a1bc0c-5444-4c92-a0f8-a51655dd84e5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:34.609Z\",\"name\":\"mal_url: http://merop12.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://merop12.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:34.609Z\"}", "type": "indicator" 
@@ -7757,11 +7604,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014214710Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:36.798Z\",\"description\":\"TS ID: 55259870681; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--e3ee6b9d-f8cd-42fa-8f51-bb0d54446734\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:55:36.798Z\",\"name\":\"mal_url: http://ramesvet.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ramesvet.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:36.798Z\"}", "type": "indicator" @@ -7808,11 +7654,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014218577Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:38.721Z\",\"description\":\"TS ID: 55259870761; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ce0e3226-1587-4fd1-bdd0-aa76c548e8df\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-27T02:55:38.721Z\",\"name\":\"mal_url: http://dufres.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufres.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:38.721Z\"}", "type": "indicator" 
@@ -7859,11 +7704,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014222274Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:45.512Z\",\"description\":\"TS ID: 55259870706; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--9c90ff74-a454-49c7-afa8-1339915ceac8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:55:45.512Z\",\"name\":\"mal_url: http://mogut3.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mogut3.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:45.512Z\"}", "type": "indicator" @@ -7910,11 +7754,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014226051Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:48.012Z\",\"description\":\"TS ID: 55259870655; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--15806179-df3f-450a-baf5-8e2a29d87faa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-27T02:55:48.012Z\",\"name\":\"mal_url: http://vidar321.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://vidar321.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:48.012Z\"}", "type": "indicator" 
@@ -7961,11 +7804,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014229898Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:50.673Z\",\"description\":\"TS ID: 55259870822; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--bc1b9793-42ef-41bf-a370-a68ca5dd8c7f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-27T02:55:50.673Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:50.673Z\"}", "type": "indicator" @@ -8012,11 +7854,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014233705Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:02.067Z\",\"description\":\"TS ID: 55259870657; iType: mal_url; State: active; Org: Transit Telecom LLC; Source: CyberCrime\",\"id\":\"indicator--d4d45888-5dfb-463b-8d5c-9871157397f9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-17\"],\"modified\":\"2020-01-27T02:56:02.067Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:02.067Z\"}", "type": "indicator" 
@@ -8063,11 +7904,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014237493Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:03.948Z\",\"description\":\"TS ID: 55259870672; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ee8c37a6-cb8b-478c-b527-2506637ceb34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:03.948Z\",\"name\":\"mal_url: http://turams.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turams.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:03.948Z\"}", "type": "indicator" @@ -8114,11 +7954,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014241310Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:05.787Z\",\"description\":\"TS ID: 55259870662; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--fd1feff8-dcc5-429a-953d-0bb80951bf5c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:56:05.787Z\",\"name\":\"mal_url: http://turames8.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turames8.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:05.787Z\"}", "type": "indicator" 
@@ -8165,11 +8004,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014245017Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:17.615Z\",\"description\":\"TS ID: 55259870820; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--f69535bc-4059-445d-90b0-1df8498137a4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:17.615Z\",\"name\":\"mal_url: http://2maga.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://2maga.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:17.615Z\"}", "type": "indicator" @@ -8216,11 +8054,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014250026Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:17.653Z\",\"description\":\"TS ID: 55259870704; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--a372cefa-0694-4e39-aa50-67be2cded923\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:56:17.653Z\",\"name\":\"mal_url: http://mogutse.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mogutse.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:17.653Z\"}", "type": "indicator" 
@@ -8267,11 +8104,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014254224Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:22.845Z\",\"description\":\"TS ID: 55259870661; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ff74ddcd-b63b-4c1d-b4e0-8703b74564ab\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:22.845Z\",\"name\":\"mal_url: http://turamesplus.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turamesplus.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:22.845Z\"}", "type": "indicator" @@ -8318,11 +8154,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014258442Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:23.51Z\",\"description\":\"TS ID: 55259870713; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--360f60db-e8ca-4ede-9f65-7dcb01425d2e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:23.51Z\",\"name\":\"mal_url: http://merops.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://merops.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:23.51Z\"}", "type": "indicator" 
@@ -8369,11 +8204,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014262419Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:23.555Z\",\"description\":\"TS ID: 55259870702; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--bafd8878-321e-4501-ae0f-221772acccae\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:23.555Z\",\"name\":\"mal_url: http://mogut.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mogut.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:23.555Z\"}", "type": "indicator" @@ -8420,11 +8254,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014266377Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:32.951Z\",\"description\":\"TS ID: 55259870813; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--21811787-57db-4ca6-abb9-57d33500a88e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:32.951Z\",\"name\":\"mal_url: http://2magas.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://2magas.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:32.951Z\"}", "type": "indicator" 
@@ -8471,11 +8304,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014270825Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:37.65Z\",\"description\":\"TS ID: 55259870741; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--80641a7e-afbf-4b8d-96e6-4770491297b4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-27T02:56:37.65Z\",\"name\":\"mal_url: http://merakim.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://merakim.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:37.65Z\"}", "type": "indicator" @@ -8522,11 +8354,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014275313Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:37.697Z\",\"description\":\"TS ID: 55259870659; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--fb351f4a-90ab-4ff4-a482-b38e7f92bb77\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:37.697Z\",\"name\":\"mal_url: http://turamesv.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turamesv.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:37.697Z\"}", "type": "indicator" 
@@ -8573,11 +8404,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014279511Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:41.827Z\",\"description\":\"TS ID: 55259870687; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--a5ade447-681b-4518-8ea5-779d9de3ff0e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:41.827Z\",\"name\":\"mal_url: http://ramesv.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ramesv.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:41.827Z\"}", "type": "indicator" @@ -8624,11 +8454,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014284871Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:41.874Z\",\"description\":\"TS ID: 55259870674; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--9a797de6-1aa1-4f5c-b40a-c65699117f57\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-01-27T02:56:41.874Z\",\"name\":\"mal_url: http://roninrol.info/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://roninrol.info/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:41.874Z\"}", "type": "indicator" 
@@ -8675,11 +8504,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014289430Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:49.344Z\",\"description\":\"TS ID: 55259870678; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--7a094f4c-d57d-4bad-9258-a19210782331\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:49.344Z\",\"name\":\"mal_url: http://ramesvet8.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ramesvet8.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:49.344Z\"}", "type": "indicator" @@ -8726,11 +8554,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014293578Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:53.905Z\",\"description\":\"TS ID: 55259870709; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--6de4e500-4c56-4288-aa8f-b092f194ff78\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:53.905Z\",\"name\":\"mal_url: http://meropsi.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://meropsi.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:53.905Z\"}", "type": "indicator" 
@@ -8777,11 +8604,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014297846Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:06.376Z\",\"description\":\"TS ID: 55259870660; iType: mal_ip; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--c4c00824-3ceb-4b3c-89a2-77d3920aacdb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-27T02:57:06.376Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:06.376Z\"}", "type": "indicator" @@ -8822,11 +8648,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014301803Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:09.474Z\",\"description\":\"TS ID: 55259870721; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--0e9df710-3a24-4070-9576-f3081708cd67\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:57:09.474Z\",\"name\":\"mal_url: http://meropa.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://meropa.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:09.474Z\"}", "type": "indicator" 
@@ -8873,11 +8698,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014306121Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:12.314Z\",\"description\":\"TS ID: 55259870801; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--4d6b9fe5-43f3-42af-b7c0-171052280208\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:57:12.314Z\",\"name\":\"mal_url: http://5umaga.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://5umaga.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:12.314Z\"}", "type": "indicator" @@ -8924,11 +8748,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014310369Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:12.344Z\",\"description\":\"TS ID: 55259870773; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--50a15dd9-290b-4240-9245-bbe259bcc4c7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-27T02:57:12.344Z\",\"name\":\"mal_url: http://dufre1.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufre1.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:12.344Z\"}", "type": "indicator" 
@@ -8975,11 +8798,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014314417Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:17.92Z\",\"description\":\"TS ID: 55259870746; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--53b80678-1eeb-433c-bd54-fd1ae9c83c18\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-27T02:57:17.92Z\",\"name\":\"mal_url: http://dufre-tom.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufre-tom.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:17.92Z\"}", "type": "indicator" @@ -9026,11 +8848,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014319356Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:19.085Z\",\"description\":\"TS ID: 55259870735; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--b14f43dd-6653-42d4-b0db-3cf4e7fbee87\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:57:19.085Z\",\"name\":\"mal_url: http://meropi.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://meropi.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:19.085Z\"}", "type": "indicator" 
@@ -9077,11 +8898,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014323544Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:19.372Z\",\"description\":\"TS ID: 55263242048; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--e2cdc754-bf45-4c4e-a98a-0fcc1a62cc63\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-28T02:58:19.372Z\",\"name\":\"mal_url: http://serv-node4.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://serv-node4.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:19.372Z\"}", "type": "indicator" @@ -9129,11 +8949,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014328112Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:19.396Z\",\"description\":\"TS ID: 55263242003; iType: mal_url; State: active; Org: Informacines sistemos ir technologijos, UAB; Source: CyberCrime\",\"id\":\"indicator--f0aa41c1-9c01-420f-9134-20fa6a00f8e5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-28T02:58:19.396Z\",\"name\":\"mal_url: http://usarmyvacations.info/ssd/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://usarmyvacations.info/ssd/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:19.396Z\"}", "type": "indicator" 
@@ -9181,11 +9000,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014332551Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:26.492Z\",\"description\":\"TS ID: 55263242014; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--15b60240-37eb-41c9-9e66-872f19406f6d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-28T02:58:26.492Z\",\"name\":\"mal_url: http://la6e51ed.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://la6e51ed.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:26.492Z\"}", "type": "indicator" @@ -9232,11 +9050,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014336739Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:26.52Z\",\"description\":\"TS ID: 55263241842; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--6a3a7dfd-7dd0-4b5b-b614-b09f20ae34f3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-49\"],\"modified\":\"2020-01-28T02:58:26.52Z\",\"name\":\"mal_url: http://209.250.247.253/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://209.250.247.253/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:26.52Z\"}", "type": "indicator" 
@@ -9284,11 +9101,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014341147Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:43.041Z\",\"description\":\"TS ID: 55263242045; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--d2de10c5-aaee-4c32-ac0c-0d17ea9c7caf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-28T02:58:43.041Z\",\"name\":\"mal_url: http://footlooking.kl.com.ua/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://footlooking.kl.com.ua/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:43.041Z\"}", "type": "indicator" @@ -9336,11 +9152,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014345715Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:43.095Z\",\"description\":\"TS ID: 55263242017; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--8391ee32-499a-4390-b81d-5bd14638be82\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-28T02:58:43.095Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:43.095Z\"}", "type": "indicator" 
@@ -9381,11 +9196,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014350655Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:45.172Z\",\"description\":\"TS ID: 55263242019; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--1a91efe1-ff09-49b2-801b-fb815c843976\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-28T02:58:45.172Z\",\"name\":\"mal_url: http://a0377875.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://a0377875.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:45.172Z\"}", "type": "indicator" @@ -9432,11 +9246,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014355103Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:46.345Z\",\"description\":\"TS ID: 55263241963; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--9980de5d-7c0e-456a-b2bf-32544fda592b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T02:58:46.345Z\",\"name\":\"mal_url: http://samaaj.org.pk/ofo/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/ofo/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:46.345Z\"}", "type": "indicator" 
@@ -9484,11 +9297,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014359561Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:54.765Z\",\"description\":\"TS ID: 55263242018; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--5da6cfdf-c2a5-45d5-857e-110fc26336f4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-01-28T02:58:54.765Z\",\"name\":\"mal_url: http://f0390226.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0390226.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:54.765Z\"}", "type": "indicator" @@ -9535,11 +9347,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014363839Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:57.481Z\",\"description\":\"TS ID: 55263242026; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--5a32ccb0-c749-4286-a606-f3bfe9a61084\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T02:58:57.481Z\",\"name\":\"mal_url: http://samaaj.org.pk/justices/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/justices/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:57.481Z\"}", "type": "indicator" 
@@ -9587,11 +9398,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014368218Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:19.105Z\",\"description\":\"TS ID: 55263242012; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--c26773dc-80be-48c8-98fd-409174bfd0e2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-56\"],\"modified\":\"2020-01-28T02:59:19.105Z\",\"name\":\"mal_url: http://89.160.20.156/teejay/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/teejay/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:19.105Z\"}", "type": "indicator" @@ -9639,11 +9449,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014372806Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:23.53Z\",\"description\":\"TS ID: 55263242004; iType: mal_ip; State: active; Org: Informacines sistemos ir technologijos, UAB; Source: CyberCrime\",\"id\":\"indicator--642f909c-b1e7-4b17-9786-c01371f5da67\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-59\"],\"modified\":\"2020-01-28T02:59:23.53Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:23.53Z\"}", "type": "indicator" 
@@ -9684,11 +9493,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014377194Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:26.887Z\",\"description\":\"TS ID: 55263242013; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--b50c1f06-f68e-4842-a1ac-cddef3c2ff05\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-28T02:59:26.887Z\",\"name\":\"mal_url: http://ld7cad07.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ld7cad07.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:26.887Z\"}", "type": "indicator" @@ -9735,11 +9543,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014381713Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:27.047Z\",\"description\":\"TS ID: 55263241837; iType: mal_ip; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--ab7dae9a-3218-40dd-984c-a928336e1ccb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-38\"],\"modified\":\"2020-01-28T02:59:27.047Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:27.047Z\"}", "type": "indicator" 
@@ -9780,11 +9587,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014386482Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:34.735Z\",\"description\":\"TS ID: 55263242041; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--fc149a8c-3d46-47f7-b0c2-9764d7291336\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-29\"],\"modified\":\"2020-01-28T02:59:34.735Z\",\"name\":\"mal_url: http://192.168.238.10/emmy/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://192.168.238.10/emmy/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:34.735Z\"}", "type": "indicator" @@ -9832,11 +9638,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014390960Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:34.772Z\",\"description\":\"TS ID: 55263241981; iType: mal_url; State: active; Org: Hostgator Asian Operations Division.; Source: CyberCrime\",\"id\":\"indicator--167c21ca-7d6b-455c-954a-91a5f036616d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-28T02:59:34.772Z\",\"name\":\"mal_url: http://aivazidis.gq/mad-ooo/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aivazidis.gq/mad-ooo/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:34.772Z\"}", "type": "indicator" 
@@ -9884,11 +9689,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014395389Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:39.12Z\",\"description\":\"TS ID: 55263241978; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--8a35f477-32b2-4735-9e85-743115f1e83f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T02:59:39.12Z\",\"name\":\"mal_url: http://samaaj.org.pk/Elvis/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/Elvis/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:39.12Z\"}", "type": "indicator" @@ -9936,11 +9740,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014400087Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:54.142Z\",\"description\":\"TS ID: 55263242015; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--efcb1909-e772-4001-a96c-97c293baa98d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-28T02:59:54.142Z\",\"name\":\"mal_url: http://l3b57852.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l3b57852.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:54.142Z\"}", "type": "indicator" 
@@ -9987,11 +9790,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014404295Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:54.166Z\",\"description\":\"TS ID: 55263241966; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--b5c97605-a434-4b73-a655-acc88db57cb7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T02:59:54.166Z\",\"name\":\"mal_url: http://samaaj.org.pk/fk/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/fk/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:54.166Z\"}", "type": "indicator" @@ -10039,11 +9841,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014408463Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:54.193Z\",\"description\":\"TS ID: 55263241841; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--10690da4-ed16-4fac-bae7-25a1b17db17d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-01-28T02:59:54.193Z\",\"name\":\"mal_url: http://89.160.20.156/34DEF67D-347D-4799-A12D-84D8482E3B54/azorult/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/34DEF67D-347D-4799-A12D-84D8482E3B54/azorult/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:54.193Z\"}", "type": "indicator" 
@@ -10091,11 +9892,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014413022Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:54.253Z\",\"description\":\"TS ID: 55263241840; iType: mal_ip; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--dff78d62-6939-4d47-a5b3-0c275a472f7f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-01-28T02:59:54.253Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:54.253Z\"}", "type": "indicator" @@ -10136,11 +9936,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014417159Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:00:08.397Z\",\"description\":\"TS ID: 55263242037; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--c1f7d2e7-4186-47c6-a29b-cdb9bb524732\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-28T03:00:08.397Z\",\"name\":\"mal_url: http://j1034033.myjino.ru/laskovo/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j1034033.myjino.ru/laskovo/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:08.397Z\"}", "type": "indicator" 
@@ -10188,11 +9987,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014421558Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:00:08.446Z\",\"description\":\"TS ID: 55263241846; iType: mal_url; State: active; Org: UAB Cherry Servers; Source: CyberCrime\",\"id\":\"indicator--2ffd18da-452a-462b-a264-4c457564de62\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-01-28T03:00:08.446Z\",\"name\":\"mal_url: http://89.160.20.156/xcool!/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/xcool!/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:08.446Z\"}", "type": "indicator" @@ -10240,11 +10038,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014425745Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:00:22.832Z\",\"description\":\"TS ID: 55263242001; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--bdb1bbc0-4cfe-484b-8c99-22ff164e345d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T03:00:22.832Z\",\"name\":\"mal_url: http://samaaj.org.pk/ejima/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/ejima/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:22.832Z\"}", "type": "indicator" 
@@ -10292,11 +10089,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014430164Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:00:23.929Z\",\"description\":\"TS ID: 55263241843; iType: mal_url; State: active; Org: Saginaw Valley State University; Source: CyberCrime\",\"id\":\"indicator--b708bbd4-d0f4-406e-926e-086fd1bd096e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-28T03:00:23.929Z\",\"name\":\"mal_url: http://155.138.222.174/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://155.138.222.174/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:23.929Z\"}", "type": "indicator" @@ -10344,11 +10140,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014434662Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:00:30.838Z\",\"description\":\"TS ID: 55263241974; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--384ff3f4-d643-4b23-ad90-9b4fa7524db8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T03:00:30.838Z\",\"name\":\"mal_url: http://samaaj.org.pk/emp/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/emp/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:30.838Z\"}", "type": "indicator" 
@@ -10396,11 +10191,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014439261Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:00:52.335Z\",\"description\":\"TS ID: 55263242016; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--b5e5a709-1001-4905-9019-d69e53b8393d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-28T03:00:52.335Z\",\"name\":\"mal_url: http://minecraft-only.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://minecraft-only.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:52.335Z\"}", "type": "indicator" @@ -10447,11 +10241,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014443238Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:01:04.475Z\",\"description\":\"TS ID: 55263242040; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--910b12d0-b553-4219-846e-824ea3be86f8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-01-28T03:01:04.475Z\",\"name\":\"mal_url: http://buythebest.pw/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://buythebest.pw/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:01:04.475Z\"}", "type": "indicator" 
@@ -10499,11 +10292,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014447286Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:01:04.538Z\",\"description\":\"TS ID: 55263242010; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--6e7ba339-ede0-47fd-a6c9-bd1ffb61fbbf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-28T03:01:04.538Z\",\"name\":\"mal_url: http://smtress.zzz.com.ua/admin/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://smtress.zzz.com.ua/admin/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:01:04.538Z\"}", "type": "indicator" @@ -10551,11 +10343,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014453377Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T03:01:31.533Z\",\"description\":\"TS ID: 55263241845; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--1d0c2a7c-ba78-4e9f-ae7a-4ce2988357b1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-01-28T03:01:31.533Z\",\"name\":\"mal_url: http://149.28.199.128/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://149.28.199.128/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:01:31.533Z\"}", "type": "indicator" 
@@ -10603,11 +10394,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014457675Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T02:59:29.937Z\",\"description\":\"TS ID: 55266539002; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--b78ae5fd-ee1e-49ab-9519-fb62ba1bb26a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T02:59:29.937Z\",\"name\":\"mal_url: http://ecoorganic.co/Work6/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work6/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T02:59:29.937Z\"}", "type": "indicator" @@ -10655,11 +10445,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014461813Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:00:21.905Z\",\"description\":\"TS ID: 55266539006; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ec4322a7-481b-4787-8df2-e3b3bc0c8b8b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:00:21.905Z\",\"name\":\"mal_url: http://ecoorganic.co/Work2/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work2/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:21.905Z\"}", "type": "indicator" 
@@ -10707,11 +10496,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014465921Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:00:29.782Z\",\"description\":\"TS ID: 55266539008; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--cc172be8-7e67-489c-8bd8-8e9ffc11a944\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-29T03:00:29.782Z\",\"name\":\"mal_url: http://aikchimhin.com/walterXXXX/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aikchimhin.com/walterXXXX/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:29.782Z\"}", "type": "indicator" @@ -10759,11 +10547,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014470319Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:00:38.132Z\",\"description\":\"TS ID: 55266538988; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--6cb1c4c4-93cb-4ad9-b176-e2a47febafac\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-29T03:00:38.132Z\",\"name\":\"mal_url: http://ssgcvb3435fsdgdfg5656sdfgsdfsdf.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ssgcvb3435fsdgdfg5656sdfgsdfsdf.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:38.132Z\"}", "type": "indicator" 
@@ -10810,11 +10597,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014474717Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:00:38.721Z\",\"description\":\"TS ID: 55266538999; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--42f95e09-bad2-4055-bf72-fd3d1f26a173\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:00:38.721Z\",\"name\":\"mal_url: http://ecoorganic.co/Work8/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work8/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:38.721Z\"}", "type": "indicator" @@ -10862,11 +10648,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014478905Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:00:51.527Z\",\"description\":\"TS ID: 55266539012; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--b9eafbc4-77e3-4b9b-bd34-a15681f0bbec\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-29T03:00:51.527Z\",\"name\":\"mal_url: http://corpcougar.com/me/32/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/me/32/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:51.527Z\"}", "type": "indicator" 
@@ -10914,11 +10699,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014482913Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:01:05.442Z\",\"description\":\"TS ID: 55266539004; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--9a6acfec-ffa7-47c7-8176-7dbaca7b379f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:01:05.442Z\",\"name\":\"mal_url: http://ecoorganic.co/Work4/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work4/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:05.442Z\"}", "type": "indicator" @@ -10966,11 +10750,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014486850Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:01:13.933Z\",\"description\":\"TS ID: 55266539014; iType: mal_ip; State: active; Org: Lir.bg EOOD; Source: CyberCrime\",\"id\":\"indicator--5384d504-8760-4255-8daa-dd156dc302d0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-01-29T03:01:13.933Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:13.933Z\"}", "type": "indicator" 
@@ -11011,11 +10794,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014490577Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:01:31.192Z\",\"description\":\"TS ID: 55266539003; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--56b347c9-58c9-48d5-a015-2d561d855af2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:01:31.192Z\",\"name\":\"mal_url: http://ecoorganic.co/Work5/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work5/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:31.192Z\"}", "type": "indicator" @@ -11063,11 +10845,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014494314Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:01:37.815Z\",\"description\":\"TS ID: 55266538992; iType: mal_url; State: active; Org: Exa Bytes Network Sdn.Bhd.; Source: CyberCrime\",\"id\":\"indicator--840739fb-44ae-42f0-805f-422b38422325\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-29T03:01:37.815Z\",\"name\":\"mal_url: http://rajas.com.my/wp-content/uploads/2015/nux/Panel/lucifer/Panel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rajas.com.my/wp-content/uploads/2015/nux/Panel/lucifer/Panel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:37.815Z\"}", "type": "indicator" 
@@ -11115,11 +10896,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014498081Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:01:49.96Z\",\"description\":\"TS ID: 55266539011; iType: mal_url; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime\",\"id\":\"indicator--9ab8a69c-5b95-4fd6-b189-11d90ee54834\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-01-29T03:01:49.96Z\",\"name\":\"mal_url: http://rgmechanics.fun/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rgmechanics.fun/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:49.96Z\"}", "type": "indicator" @@ -11167,11 +10947,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014502079Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:14.284Z\",\"description\":\"TS ID: 55266539013; iType: mal_url; State: active; Org: Lir.bg EOOD; Source: CyberCrime\",\"id\":\"indicator--96051c6b-3648-43ba-b579-735bd6342ec2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-29T03:02:14.284Z\",\"name\":\"mal_url: http://sbsinstitute.co.in/wp-includes/temp/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sbsinstitute.co.in/wp-includes/temp/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:14.284Z\"}", "type": "indicator" 
@@ -11219,11 +10998,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014506767Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:24.081Z\",\"description\":\"TS ID: 55266539001; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--d76d300b-07b7-4e9b-b7f1-9e6c0def6a6b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:02:24.081Z\",\"name\":\"mal_url: http://ecoorganic.co/Work7/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work7/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:24.081Z\"}", "type": "indicator" @@ -11271,11 +11049,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014510755Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:31.573Z\",\"description\":\"TS ID: 55266539009; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--3c61c714-aab6-46e2-abfd-389628870d7d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-01-29T03:02:31.573Z\",\"name\":\"mal_url: http://v200598.hosted-by-vdsina.ru/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://v200598.hosted-by-vdsina.ru/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:31.573Z\"}", "type": "indicator" 
@@ -11323,11 +11100,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014514522Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:31.605Z\",\"description\":\"TS ID: 55266539007; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--3c9a39df-b4f3-4529-bfd8-d8b40801e555\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:02:31.605Z\",\"name\":\"mal_url: http://ecoorganic.co/Work1/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work1/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:31.605Z\"}", "type": "indicator" @@ -11375,11 +11151,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014518489Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:41.021Z\",\"description\":\"TS ID: 55266538989; iType: mal_ip; State: active; Org: Telenet Ltd.; Source: CyberCrime\",\"id\":\"indicator--756932e1-687c-41c9-9b55-2a762c8a1ef3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-29T03:02:41.021Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:41.021Z\"}", "type": "indicator" 
@@ -11420,11 +11195,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014523218Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:42.284Z\",\"description\":\"TS ID: 55266539010; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--e34dc439-4789-4d5a-b7dc-471fb473f4a0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-29T03:02:42.284Z\",\"name\":\"mal_url: http://v178903.hosted-by-vdsina.ru/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://v178903.hosted-by-vdsina.ru/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:42.284Z\"}", "type": "indicator" @@ -11472,11 +11246,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014527136Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:42.335Z\",\"description\":\"TS ID: 55266538994; iType: mal_url; State: active; Org: Unified Layer; Source: CyberCrime\",\"id\":\"indicator--a30fe926-53b8-43fe-a792-8ecd41071dd7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-29T03:02:42.335Z\",\"name\":\"mal_url: http://tickerqube.com/Loki2020/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tickerqube.com/Loki2020/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:42.335Z\"}", "type": "indicator" 
@@ -11524,11 +11297,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014531043Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:42.367Z\",\"description\":\"TS ID: 55266538986; iType: mal_url; State: active; Org: Eonix Corporation; Source: CyberCrime\",\"id\":\"indicator--0005f77c-327b-4b69-8046-777efe95361d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-29T03:02:42.367Z\",\"name\":\"mal_url: http://microsoftrenat.site/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://microsoftrenat.site/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:42.367Z\"}", "type": "indicator" @@ -11576,11 +11348,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014535050Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:48.869Z\",\"description\":\"TS ID: 55266539005; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--2ef4b932-5434-49f4-8255-a70de96893d8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:02:48.869Z\",\"name\":\"mal_url: http://ecoorganic.co/Work3/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work3/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:48.869Z\"}", "type": "indicator" 
@@ -11628,11 +11399,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014557472Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-29T03:02:48.897Z\",\"description\":\"TS ID: 55266538991; iType: mal_ip; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime\",\"id\":\"indicator--becea156-fb29-4cd3-80b1-55cb739e0b6c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-21\"],\"modified\":\"2020-01-29T03:02:48.897Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:48.897Z\"}", "type": "indicator" @@ -11673,11 +11443,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014564546Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-30T02:58:32.284Z\",\"description\":\"TS ID: 55270319168; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--8da10219-9eb1-4963-8889-587598e511cd\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-01-30T02:58:32.284Z\",\"name\":\"mal_url: http://www.cpadeer.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://www.cpadeer.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-30T02:58:32.284Z\"}", "type": "indicator" 
@@ -11724,11 +11493,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014570156Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-31T02:19:29.045Z\",\"description\":\"TS ID: 55274447486; iType: mal_url; State: active; Org: SingleHop LLC; Source: CyberCrime\",\"id\":\"indicator--093bf827-0d84-4b54-9d62-dffffd0a619b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-31T02:19:29.045Z\",\"name\":\"mal_url: http://cleaning-hygiene.com/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://cleaning-hygiene.com/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-31T02:19:29.045Z\"}", "type": "indicator" @@ -11776,11 +11544,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014574284Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-31T02:22:09.726Z\",\"description\":\"TS ID: 55274447484; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--51d4eb13-adf7-4de1-a3f0-106d343ad560\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-31T02:22:09.726Z\",\"name\":\"mal_url: http://corpcougar.com/buggy/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/buggy/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-31T02:22:09.726Z\"}", "type": "indicator" 
@@ -11828,11 +11595,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014578332Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:03:02.79Z\",\"description\":\"TS ID: 55277443309; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--a5926161-953c-4763-9d10-0c5e10bcd4e4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:03:02.79Z\",\"name\":\"mal_url: http://marubemi.com/owen/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://marubemi.com/owen/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:03:02.79Z\"}", "type": "indicator" @@ -11880,11 +11646,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014582239Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:03:07.047Z\",\"description\":\"TS ID: 55277443409; iType: mal_ip; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--ee4a872e-e53e-428f-86a1-32c4e4db68f6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-28\"],\"modified\":\"2020-02-01T02:03:07.047Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:03:07.047Z\"}", "type": "indicator" 
@@ -11925,11 +11690,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014585956Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:03:48.038Z\",\"description\":\"TS ID: 55277443373; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--8494f340-0964-47f0-ba09-78fe0b76eb34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:03:48.038Z\",\"name\":\"mal_url: http://zeyadigital.com/etty/black/download/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://zeyadigital.com/etty/black/download/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:03:48.038Z\"}", "type": "indicator" @@ -11977,11 +11741,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014589653Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:03:48.079Z\",\"description\":\"TS ID: 55277443242; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--f051e10a-76c9-4f14-9fa3-9dbccc65c26f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:03:48.079Z\",\"name\":\"mal_url: http://farzanatradings.com/maindon/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farzanatradings.com/maindon/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:03:48.079Z\"}", "type": "indicator" 
@@ -12029,11 +11792,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014593199Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:16.392Z\",\"description\":\"TS ID: 55277443446; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--79c8f52b-f134-4e02-ad7a-6169063c8fba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:04:16.392Z\",\"name\":\"mal_url: http://trouserlanditd.com/draw/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trouserlanditd.com/draw/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:16.392Z\"}", "type": "indicator" @@ -12081,11 +11843,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014597067Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:21.636Z\",\"description\":\"TS ID: 55277443452; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--7338fc3d-2a1f-4583-b34d-eb76912a43e6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-01T02:04:21.636Z\",\"name\":\"mal_url: http://krompres.tk/loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://krompres.tk/loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:21.636Z\"}", "type": "indicator" 
@@ -12133,11 +11894,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014601084Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:21.676Z\",\"description\":\"TS ID: 55277443202; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--1f9e0571-119c-448a-8656-fec49c9c058a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-01T02:04:21.676Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:21.676Z\"}", "type": "indicator" @@ -12184,11 +11944,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014604941Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:21.705Z\",\"description\":\"TS ID: 55277443078; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--d1161e31-f661-469c-b206-84e1d416e577\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-02-01T02:04:21.705Z\",\"name\":\"mal_url: http://gosdick.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gosdick.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:21.705Z\"}", "type": "indicator" 
@@ -12235,11 +11994,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014608588Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:21.745Z\",\"description\":\"TS ID: 55277442685; iType: mal_ip; State: active; Org: LLC Baxet; Source: CyberCrime\",\"id\":\"indicator--8f0a9931-5ee4-4b0e-b473-b130d72ef175\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-17\"],\"modified\":\"2020-02-01T02:04:21.745Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:21.745Z\"}", "type": "indicator" @@ -12280,11 +12038,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014612345Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:05:07.232Z\",\"description\":\"TS ID: 55277443523; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--0068cb9c-0bdf-44a8-9563-5006e0c38921\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-02-01T02:05:07.232Z\",\"name\":\"mal_url: http://everest--sh.com/click/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://everest--sh.com/click/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:05:07.232Z\"}", "type": "indicator" 
@@ -12332,11 +12089,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014616042Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:05:07.274Z\",\"description\":\"TS ID: 55277442283; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--2dd49cbe-4835-49ea-a29c-b173c0840506\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-01T02:05:07.274Z\",\"name\":\"mal_url: http://89.160.20.156/tspir/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/tspir/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:05:07.274Z\"}",
 "type": "indicator"
@@ -12384,11 +12140,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014619779Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:06:07.042Z\",\"description\":\"TS ID: 55277443220; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--b8e709b0-7eb8-4b2b-94f0-e21c4138cf9b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:06:07.042Z\",\"name\":\"mal_url: http://vware.duckdns.org/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://vware.duckdns.org/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:07.042Z\"}",
 "type": "indicator"
@@ -12436,11 +12191,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014623757Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:06:15.505Z\",\"description\":\"TS ID: 55277443605; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--10e62d11-dbc5-4d39-badf-574aaab2d0f5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-01T02:06:15.505Z\",\"name\":\"mal_url: http://cokhiquangbien.com/.jx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://cokhiquangbien.com/.jx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:15.505Z\"}",
 "type": "indicator"
@@ -12488,11 +12242,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014627915Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:06:15.674Z\",\"description\":\"TS ID: 55277443276; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--a84ddb39-c02c-44cc-bac3-0056c279454c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:06:15.674Z\",\"name\":\"mal_url: http://corpcougar.com/nedu/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/nedu/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:15.674Z\"}",
 "type": "indicator"
@@ -12540,11 +12293,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014631642Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:06:38.684Z\",\"description\":\"TS ID: 55277443190; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--f667d2dd-f6df-4aa4-bd7b-8b7f3e98fa0a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-01T02:06:38.684Z\",\"name\":\"mal_url: http://bubble2.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bubble2.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:38.684Z\"}",
 "type": "indicator"
@@ -12591,11 +12343,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014635439Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:06:38.733Z\",\"description\":\"TS ID: 55277442690; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--a81a2408-b11b-4b28-a5b6-ffec11942d62\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-32\"],\"modified\":\"2020-02-01T02:06:38.733Z\",\"name\":\"mal_url: http://144.202.96.212/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://144.202.96.212/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:38.733Z\"}",
 "type": "indicator"
@@ -12643,11 +12394,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014639206Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:06:49.292Z\",\"description\":\"TS ID: 55277443216; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--4a414cbe-3e02-48b9-84fb-103ed9961e6c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-01T02:06:49.292Z\",\"name\":\"mal_url: http://papafrog.beget.tech/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://papafrog.beget.tech/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:49.292Z\"}",
 "type": "indicator"
@@ -12695,11 +12445,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014642772Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:07:27.633Z\",\"description\":\"TS ID: 55277443028; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--27f66dbf-4ce9-4616-aef1-c6ab9f224ecb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:07:27.633Z\",\"name\":\"mal_url: http://t917659s.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://t917659s.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:07:27.633Z\"}",
 "type": "indicator"
@@ -12746,11 +12495,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014646880Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:07:36.513Z\",\"description\":\"TS ID: 55277443145; iType: mal_url; State: active; Org: Host Europe GmbH; Source: CyberCrime\",\"id\":\"indicator--4cd504ee-3b5e-439f-b37d-3e932b200a55\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-01T02:07:36.513Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:07:36.513Z\"}",
 "type": "indicator"
@@ -12797,11 +12545,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014650878Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:08:09.833Z\",\"description\":\"TS ID: 55277443560; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--7d803ca2-4e7d-414e-9693-854d08c49bb6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-01T02:08:09.833Z\",\"name\":\"mal_url: http://drop-box.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://drop-box.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:09.833Z\"}",
 "type": "indicator"
@@ -12849,11 +12596,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014655536Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:08:09.939Z\",\"description\":\"TS ID: 55277442673; iType: mal_url; State: active; Org: Mir Telematiki Ltd; Source: CyberCrime\",\"id\":\"indicator--7cbc0a23-df38-4526-84b1-b344948f0b72\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-63\"],\"modified\":\"2020-02-01T02:08:09.939Z\",\"name\":\"mal_url: http://89.160.20.156/xcool!/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/xcool!/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:09.939Z\"}",
 "type": "indicator"
@@ -12901,11 +12647,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014659905Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:08:31.777Z\",\"description\":\"TS ID: 55277443138; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--9530c9fb-99b6-40af-b14a-a622cff510b1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-01T02:08:31.777Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:31.777Z\"}",
 "type": "indicator"
@@ -12946,11 +12691,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014665094Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:08:31.818Z\",\"description\":\"TS ID: 55277442273; iType: mal_ip; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--6955fd8f-b856-43aa-bac7-0d5a2d8519f2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:08:31.818Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:31.818Z\"}",
 "type": "indicator"
@@ -12991,11 +12735,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014669543Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:08:42.76Z\",\"description\":\"TS ID: 55277443599; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--4c8f8d86-da50-48bb-a41b-8a002561315a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-01T02:08:42.76Z\",\"name\":\"mal_url: http://digi-sec.top/lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://digi-sec.top/lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:42.76Z\"}",
 "type": "indicator"
@@ -13043,11 +12786,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014673720Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:09:05.295Z\",\"description\":\"TS ID: 55277443514; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--3639e6da-8159-4dd6-b928-b8189c29159f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-02-01T02:09:05.295Z\",\"name\":\"mal_url: http://everest--sh.com/cola/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://everest--sh.com/cola/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:09:05.295Z\"}",
 "type": "indicator"
@@ -13095,11 +12837,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014678069Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:09:13.398Z\",\"description\":\"TS ID: 55277443134; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--7d4bf98b-8fc2-427c-a08b-f432e43c1110\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-01T02:09:13.398Z\",\"name\":\"mal_url: http://moonberry.pk/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://moonberry.pk/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:09:13.398Z\"}",
 "type": "indicator"
@@ -13146,11 +12887,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014682447Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:09:49.804Z\",\"description\":\"TS ID: 55277442688; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--0f2bf75c-d534-48e9-a25f-940cc5f673ed\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-01T02:09:49.804Z\",\"name\":\"mal_url: http://207.246.67.4/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://207.246.67.4/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:09:49.804Z\"}",
 "type": "indicator"
@@ -13198,11 +12938,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014686565Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:09:56.524Z\",\"description\":\"TS ID: 55277443239; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--0cdef192-7b00-48b1-b8d4-a9642e37d630\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:09:56.524Z\",\"name\":\"mal_url: http://farzanatradings.com/odogwu/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farzanatradings.com/odogwu/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:09:56.524Z\"}",
 "type": "indicator"
@@ -13250,11 +12989,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014690963Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:10:00.889Z\",\"description\":\"TS ID: 55277443489; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--e409b749-d733-4b69-83cf-4df74ac8fd2b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:10:00.889Z\",\"name\":\"mal_url: http://gpi-q.com/clean/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/clean/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:00.889Z\"}",
 "type": "indicator"
@@ -13302,11 +13040,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014696163Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:10:04.196Z\",\"description\":\"TS ID: 55277443402; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--347a1f39-78c4-4f71-b125-decaba2489b4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:10:04.196Z\",\"name\":\"mal_url: http://trouserlanditd.com/drug/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trouserlanditd.com/drug/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:04.196Z\"}",
 "type": "indicator"
@@ -13354,11 +13091,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014700641Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:10:04.234Z\",\"description\":\"TS ID: 55277443231; iType: mal_url; State: active; Org: Fornex Hosting S.L.; Source: CyberCrime\",\"id\":\"indicator--acd84a21-6112-4bbb-9132-fa50a9b7b07c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:10:04.234Z\",\"name\":\"mal_url: http://nextbridge.info/god/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nextbridge.info/god/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:04.234Z\"}",
 "type": "indicator"
@@ -13406,11 +13142,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014705019Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:10:18.897Z\",\"description\":\"TS ID: 55277442692; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--d2990eea-f233-4296-b7ea-dc78ad48f1a3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-01T02:10:18.897Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:18.897Z\"}",
 "type": "indicator"
@@ -13458,11 +13193,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014709357Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:10:19.383Z\",\"description\":\"TS ID: 55277443285; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--ca6a96b9-60e6-429f-9223-7009c1a5e164\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:10:19.383Z\",\"name\":\"mal_url: http://corpcougar.com/collins/32/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/collins/32/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:19.383Z\"}",
 "type": "indicator"
@@ -13510,11 +13244,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014713625Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:10:19.417Z\",\"description\":\"TS ID: 55277443195; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--1339e0b5-4398-4de4-9175-e685b6d0f5a4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-01T02:10:19.417Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:19.417Z\"}",
 "type": "indicator"
@@ -13555,11 +13288,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014717813Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:10:39.062Z\",\"description\":\"TS ID: 55277443225; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--5a37e909-b130-4f49-b1d5-f4645a9d4c21\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-01T02:10:39.062Z\",\"name\":\"mal_url: http://pom4ekk.myjino.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pom4ekk.myjino.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:39.062Z\"}",
 "type": "indicator"
@@ -13607,11 +13339,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014722121Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:10:42.316Z\",\"description\":\"TS ID: 55277443198; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--9c6caf78-5bcd-4f6f-bc0f-d094a027a811\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-02-01T02:10:42.316Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:42.316Z\"}",
 "type": "indicator"
@@ -13658,11 +13389,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014726509Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:11:07.132Z\",\"description\":\"TS ID: 55277443508; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--d5f6e0de-d0bb-48f9-931d-5f4fd725a712\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:11:07.132Z\",\"name\":\"mal_url: http://gpi-q.com/clap/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:07.132Z\"}",
 "type": "indicator"
@@ -13710,11 +13440,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014730848Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:11:07.159Z\",\"description\":\"TS ID: 55277443305; iType: mal_url; State: active; Org: LLC Baxet; Source: CyberCrime\",\"id\":\"indicator--d2ef46a3-6df2-4cc9-bb15-886dc24d41e5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-01T02:11:07.159Z\",\"name\":\"mal_url: http://betprognoz.pro/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://betprognoz.pro/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:07.159Z\"}",
 "type": "indicator"
@@ -13762,11 +13491,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014735035Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:11:33.332Z\",\"description\":\"TS ID: 55277443141; iType: mal_url; State: active; Org: Host Sailor Ltd.; Source: CyberCrime\",\"id\":\"indicator--6c50f1f6-c27a-4484-ac53-728654ba2db3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:11:33.332Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:33.332Z\"}",
 "type": "indicator"
@@ -13813,11 +13541,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014739163Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:11:40.48Z\",\"description\":\"TS ID: 55277443247; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--ede31398-e157-401a-9362-127f5c5983ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:11:40.48Z\",\"name\":\"mal_url: http://farzanatradings.com/fakedon/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farzanatradings.com/fakedon/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:40.48Z\"}",
 "type": "indicator"
@@ -13865,11 +13592,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014743792Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-01T02:11:41.88Z\",\"description\":\"TS ID: 55277443064; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--297cf29f-42ad-44ac-9f04-5156899d5ce9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:11:41.88Z\",\"name\":\"mal_url: http://q74722vp.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://q74722vp.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:41.88Z\"}",
 "type": "indicator"
@@ -13916,11 +13642,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014755434Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-02T01:57:18.343Z\",\"description\":\"TS ID: 55280666668; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--194d8979-3fb6-4ebb-b7b1-d4758be6b32a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-02T01:57:18.343Z\",\"name\":\"mal_url: http://sino-spriulina.com/demo1/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sino-spriulina.com/demo1/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:18.343Z\"}",
 "type": "indicator"
@@ -13968,11 +13693,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014759491Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-02T01:57:18.366Z\",\"description\":\"TS ID: 55280666642; iType: mal_url; State: active; Org: State Research Center of the Russian Federation; Source: CyberCrime\",\"id\":\"indicator--7470705a-310f-4fe9-9c2f-02b5eac2ff94\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-02T01:57:18.366Z\",\"name\":\"mal_url: http://gpi-q.com/craks/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/craks/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:18.366Z\"}",
 "type": "indicator"
@@ -14020,11 +13744,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014763669Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-02T01:57:18.451Z\",\"description\":\"TS ID: 55280666607; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--20860e18-16e7-4a9a-a485-7588aaee909b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-02T01:57:18.451Z\",\"name\":\"mal_url: http://calmingvapors.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://calmingvapors.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:18.451Z\"}",
 "type": "indicator"
@@ -14071,11 +13794,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014767466Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-02T01:57:18.605Z\",\"description\":\"TS ID: 55280666626; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--6d90d2cb-9fc8-43a4-b4c0-d9ab027f2268\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-02T01:57:18.605Z\",\"name\":\"mal_url: http://tonitrus.pw/3AX3AsO58eVAwtrm/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tonitrus.pw/3AX3AsO58eVAwtrm/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:18.605Z\"}",
 "type": "indicator"
@@ -14123,11 +13845,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014771123Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-02T01:57:19.047Z\",\"description\":\"TS ID: 55280666671; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--ffc26af5-40e7-4157-9d15-cf6048ef86a4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-02T01:57:19.047Z\",\"name\":\"mal_url: http://sino-spriulina.com/demo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sino-spriulina.com/demo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:19.047Z\"}",
 "type": "indicator"
@@ -14175,11 +13896,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014774870Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-02T01:57:19.068Z\",\"description\":\"TS ID: 55280666596; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--5c4cfe56-5fda-4c2b-9b8c-3d384988c3ac\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-02T01:57:19.068Z\",\"name\":\"mal_url: http://f0392879.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0392879.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:19.068Z\"}",
 "type": "indicator"
@@ -14226,11 +13946,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.014778677Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-02T01:57:25.701Z\",\"description\":\"TS ID: 55280666633; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--8fdc4cfc-1312-4f6c-99ce-3a0a582a07d3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-02-02T01:57:25.701Z\",\"name\":\"mal_url: http://expertisem.net/agutaz/direct/pushin/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://expertisem.net/agutaz/direct/pushin/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:25.701Z\"}",
 "type": "indicator"
@@ -14278,11 +13997,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014782925Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:25.838Z\",\"description\":\"TS ID: 55280666656; iType: mal_url; State: active; Org: State Research Center of the Russian Federation; Source: CyberCrime\",\"id\":\"indicator--9d8a164e-4f04-4ad2-a1a5-9c4dea319b97\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-02T01:57:25.838Z\",\"name\":\"mal_url: http://gpi-q.com/copy/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/copy/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:25.838Z\"}", "type": "indicator" @@ -14330,11 +14048,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014787163Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:29.827Z\",\"description\":\"TS ID: 55280666597; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--001b0157-c446-40fd-8e01-136a2cab433f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-02-02T01:57:29.827Z\",\"name\":\"mal_url: http://f0391832.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391832.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:29.827Z\"}", "type": "indicator" 
@@ -14381,11 +14098,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014791471Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:48.75Z\",\"description\":\"TS ID: 55280666598; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--4c7c0429-b6f8-4376-8d84-18d68d212b34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-02-02T01:57:48.75Z\",\"name\":\"mal_url: http://f0391281.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391281.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:48.75Z\"}", "type": "indicator" @@ -14432,11 +14148,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014795449Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:58:23.948Z\",\"description\":\"TS ID: 55280666593; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--4eeed5f1-092b-4a3f-8c54-f5eb87b5a19c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-02T01:58:23.948Z\",\"name\":\"mal_url: http://f0393735.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0393735.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:58:23.948Z\"}", "type": "indicator" 
@@ -14483,11 +14198,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014799566Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:58:44.041Z\",\"description\":\"TS ID: 55280666689; iType: mal_url; State: active; Org: Hostinger International Limited; Source: CyberCrime\",\"id\":\"indicator--c253cabd-5a52-4b5f-a53f-94ca58ee3f60\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-02T01:58:44.041Z\",\"name\":\"mal_url: http://gerawest.xyz/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gerawest.xyz/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:58:44.041Z\"}", "type": "indicator" @@ -14535,11 +14249,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014803223Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:58:54.099Z\",\"description\":\"TS ID: 55280666701; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--0bb2320f-9a03-4375-ad2a-10b5d3c41b36\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-02-02T01:58:54.099Z\",\"name\":\"mal_url: http://f0387404.xsph.ru/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387404.xsph.ru/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:58:54.099Z\"}", "type": "indicator" 
@@ -14586,11 +14299,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014806960Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:59:11.446Z\",\"description\":\"TS ID: 55280666697; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--f6198f5d-4056-4b4f-8ab7-d9b82ec4878b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-02T01:59:11.446Z\",\"name\":\"mal_url: http://j1040794.myjino.ru/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j1040794.myjino.ru/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:59:11.446Z\"}", "type": "indicator" @@ -14637,11 +14349,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014810757Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:59:24.665Z\",\"description\":\"TS ID: 55280666589; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--60d7cde7-6852-4295-8399-81b21cc74d7a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-02-02T01:59:24.665Z\",\"name\":\"mal_url: http://f0395171.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0395171.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:59:24.665Z\"}", "type": "indicator" 
@@ -14688,11 +14399,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014814585Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:11.839Z\",\"description\":\"TS ID: 55280666629; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--f31af3ce-1dfe-4846-8f78-cc0f5e73dd2f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-02T02:00:11.839Z\",\"name\":\"mal_url: http://89.160.20.156/yvE9cDkW1l7pXwt5/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/yvE9cDkW1l7pXwt5/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:11.839Z\"}", "type": "indicator" @@ -14740,11 +14450,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014818352Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:15.667Z\",\"description\":\"TS ID: 55280666662; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--f6bd5b3a-7b17-4b33-a487-1d47f9ffa62b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-02-02T02:00:15.667Z\",\"name\":\"mal_url: http://nortonlilly.info/boss/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/boss/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:15.667Z\"}", "type": "indicator" 
@@ -14792,11 +14501,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014822049Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:31.866Z\",\"description\":\"TS ID: 55280666667; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--bc1481fa-a858-4a87-9ef6-8844ace2dbed\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-02T02:00:31.866Z\",\"name\":\"mal_url: http://ildar-mael-ru.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ildar-mael-ru.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:31.866Z\"}", "type": "indicator" @@ -14843,11 +14551,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014825846Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:31.895Z\",\"description\":\"TS ID: 55280666659; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--e441cd63-5660-465f-a299-b035d8276ff6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-02T02:00:31.895Z\",\"name\":\"mal_url: http://butland.cf/sabali/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://butland.cf/sabali/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:31.895Z\"}", "type": "indicator" 
@@ -14895,11 +14602,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014829643Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:38.587Z\",\"description\":\"TS ID: 55280666644; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--f83c3853-4de3-4139-8076-a598265f453c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-54\"],\"modified\":\"2020-02-02T02:00:38.587Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:38.587Z\"}", "type": "indicator" @@ -14940,11 +14646,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014833430Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:38.657Z\",\"description\":\"TS ID: 55280666595; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--374e400c-0db7-4e0d-b533-5b6653178da0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-02T02:00:38.657Z\",\"name\":\"mal_url: http://f0393257.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0393257.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:38.657Z\"}", "type": "indicator" 
@@ -14991,11 +14696,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014837528Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:44.275Z\",\"description\":\"TS ID: 55280666609; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--6a115b32-72cb-4397-9550-28bd809ff522\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-02T02:00:44.275Z\",\"name\":\"mal_url: http://amotach-cn.com/DOTNETXXX/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://amotach-cn.com/DOTNETXXX/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:44.275Z\"}", "type": "indicator" @@ -15043,11 +14747,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014841295Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:01:03.981Z\",\"description\":\"TS ID: 55280666694; iType: mal_ip; State: active; Org: Hostinger International Limited; Source: CyberCrime\",\"id\":\"indicator--7c6e0ed1-51a4-460c-a69a-75ce73db8961\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-02T02:01:03.981Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:01:03.981Z\"}", "type": "indicator" 
@@ -15088,11 +14791,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014845282Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:01:09.238Z\",\"description\":\"TS ID: 55280666627; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--c5225c57-2cfd-4cd4-873a-068d5577959e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-02T02:01:09.238Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:01:09.238Z\"}", "type": "indicator" @@ -15133,11 +14835,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014849139Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:56:22.888Z\",\"description\":\"TS ID: 55283402087; iType: mal_ip; State: active; Org: Com Telecom; Source: CyberCrime\",\"id\":\"indicator--30cc7535-c071-4164-89a2-f9fe308cbe2c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-03T01:56:22.888Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:56:22.888Z\"}", "type": "indicator" 
@@ -15178,11 +14879,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014853197Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:56:30.815Z\",\"description\":\"TS ID: 55283402093; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--16fe8840-e1d7-4e71-acd8-d727ed7baa09\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-03T01:56:30.815Z\",\"name\":\"mal_url: http://mine.kommanditgesel.icu/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mine.kommanditgesel.icu/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:56:30.815Z\"}", "type": "indicator" @@ -15229,11 +14929,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014857225Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:56:31.691Z\",\"description\":\"TS ID: 55283402090; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--c091ca15-bd83-4318-b0f0-1c322baa7a7a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-03T01:56:31.691Z\",\"name\":\"mal_url: http://soapstampingmachines.com/slider/data1/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://soapstampingmachines.com/slider/data1/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:56:31.691Z\"}", "type": "indicator" 
@@ -15281,11 +14980,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014861052Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:56:34.945Z\",\"description\":\"TS ID: 55283402094; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--d68559f0-f20c-40bb-ab62-c2f80c83c80f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-03T01:56:34.945Z\",\"name\":\"mal_url: http://jino-stell-jino.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jino-stell-jino.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:56:34.945Z\"}", "type": "indicator" @@ -15332,11 +15030,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014864999Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:57:32.61Z\",\"description\":\"TS ID: 55283402104; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--ba8f8e26-04b9-460b-b1f4-cf0b2d85db94\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-03T01:57:32.61Z\",\"name\":\"mal_url: http://89.160.20.156/auth.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/auth.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:57:32.61Z\"}", "type": "indicator" 
@@ -15384,11 +15081,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014868736Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:57:46.702Z\",\"description\":\"TS ID: 55283402092; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--571838b6-5834-4cb9-a1eb-34f535483f4f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-56\"],\"modified\":\"2020-02-03T01:57:46.702Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:57:46.702Z\"}", "type": "indicator" @@ -15429,11 +15125,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014879246Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:58:15.744Z\",\"description\":\"TS ID: 55283402101; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime\",\"id\":\"indicator--336d902d-e5d8-48c1-87be-c4f506274d34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-03T01:58:15.744Z\",\"name\":\"mal_url: http://hypercleaner.su/auth.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://hypercleaner.su/auth.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:58:15.744Z\"}", "type": "indicator" 
@@ -15481,11 +15176,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014883544Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:58:28.73Z\",\"description\":\"TS ID: 55283402095; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--cae5efb7-ff91-4a8d-bf28-21ffff0e4994\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-03T01:58:28.73Z\",\"name\":\"mal_url: http://pnny.kommanditgesel.icu/news/plast/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pnny.kommanditgesel.icu/news/plast/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:58:28.73Z\"}", "type": "indicator" @@ -15533,11 +15227,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014887171Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:18.132Z\",\"description\":\"TS ID: 55283402096; iType: mal_url; State: active; Org: PT Master Web Network; Source: CyberCrime\",\"id\":\"indicator--1644ebf0-46d0-4dcc-8e04-3a58376cc625\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-02-03T01:59:18.132Z\",\"name\":\"mal_url: http://pa-buol.go.id/wp/panelnew/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pa-buol.go.id/wp/panelnew/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:18.132Z\"}", "type": "indicator" 
@@ -15585,11 +15278,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014891288Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:28.343Z\",\"description\":\"TS ID: 55283402103; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--a6588ee7-309e-49de-9884-faa2bdd702d2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-02-03T01:59:28.343Z\",\"name\":\"mal_url: http://89.160.20.156/auth.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/auth.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:28.343Z\"}", "type": "indicator" @@ -15637,11 +15329,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014894665Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:33.587Z\",\"description\":\"TS ID: 55283402100; iType: mal_url; State: active; Org: Com Telecom; Source: CyberCrime\",\"id\":\"indicator--8d5e44f6-7283-40f8-b9b3-2c4791832c4e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-03T01:59:33.587Z\",\"name\":\"mal_url: http://anorelier.hk/fshblfn8071/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://anorelier.hk/fshblfn8071/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:33.587Z\"}", "type": "indicator" 
@@ -15689,11 +15380,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014899173Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:54.52Z\",\"description\":\"TS ID: 55283402099; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--f33dd90a-b849-42af-9bcb-f60476358305\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-03T01:59:54.52Z\",\"name\":\"mal_url: http://bendetta.online/mangooste/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bendetta.online/mangooste/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:54.52Z\"}", "type": "indicator" @@ -15741,11 +15431,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014902720Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:54.544Z\",\"description\":\"TS ID: 55283402097; iType: mal_url; State: active; Org: Relink LTD; Source: CyberCrime\",\"id\":\"indicator--27f2f598-95d6-4e35-a42e-240093d4452d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-03T01:59:54.544Z\",\"name\":\"mal_url: http://kayfundz.ru/kay/eng/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kayfundz.ru/kay/eng/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:54.544Z\"}", "type": "indicator" 
@@ -15793,11 +15482,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014906287Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:09.73Z\",\"description\":\"TS ID: 55287965572; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--65a8989b-25c3-498e-8247-0514d5aa719e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-02-05T01:58:09.73Z\",\"name\":\"mal_url: http://unrrwa.org/rich/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://unrrwa.org/rich/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:09.73Z\"}", "type": "indicator" @@ -15845,11 +15533,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014909633Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:17.365Z\",\"description\":\"TS ID: 55287965584; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--e531a668-ef25-4b16-aa50-1b0b8f0f901e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-05T01:58:17.365Z\",\"name\":\"mal_url: http://89.160.20.156/hoist3/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/hoist3/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:17.365Z\"}", "type": "indicator" 
@@ -15897,11 +15584,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014913139Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:17.428Z\",\"description\":\"TS ID: 55287965574; iType: mal_ip; State: active; Org: LLC Baxet; Source: CyberCrime\",\"id\":\"indicator--7aed3145-aab6-470d-bb4f-592d86654719\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-66\"],\"modified\":\"2020-02-05T01:58:17.428Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:17.428Z\"}", "type": "indicator" @@ -15942,11 +15628,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014916706Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:31.683Z\",\"description\":\"TS ID: 55287965571; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--af8e5326-c1d4-4f9e-8f47-ee23c6a2606a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-05T01:58:31.683Z\",\"name\":\"mal_url: http://xigkxc.xyz/Atoz/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xigkxc.xyz/Atoz/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:31.683Z\"}", "type": "indicator" 
@@ -15994,11 +15679,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014920333Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:31.704Z\",\"description\":\"TS ID: 55287965557; iType: mal_url; State: active; Org: 1\u00261 Internet AG; Source: CyberCrime\",\"id\":\"indicator--59c28566-62b0-4102-ad17-53ec3a143144\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-05T01:58:31.704Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:31.704Z\"}", "type": "indicator" @@ -16046,11 +15730,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014924Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:32.111Z\",\"description\":\"TS ID: 55287965585; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--56524b03-3217-40a0-9180-dc8262b3b6f9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-05T01:58:32.111Z\",\"name\":\"mal_url: http://89.160.20.156/Silkop/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/Silkop/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:32.111Z\"}", "type": "indicator" 
@@ -16098,11 +15781,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014927366Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:32.145Z\",\"description\":\"TS ID: 55287965577; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--69661075-e6cb-4054-820c-61954757f0ba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-05T01:58:32.145Z\",\"name\":\"mal_url: http://plosss.com/lok/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://plosss.com/lok/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:32.145Z\"}", "type": "indicator" @@ -16150,11 +15832,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014930873Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:34.795Z\",\"description\":\"TS ID: 55287965581; iType: mal_url; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime\",\"id\":\"indicator--5be6be50-c2ef-4502-857e-f69dd17d37a9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-05T01:58:34.795Z\",\"name\":\"mal_url: http://everest--sh.com/coco/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://everest--sh.com/coco/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:34.795Z\"}", "type": "indicator" 
@@ -16202,11 +15883,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014934359Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:34.836Z\",\"description\":\"TS ID: 55287965567; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--7de3f68d-51ed-43c0-b5d9-c63d621aa99f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-05T01:58:34.836Z\",\"name\":\"mal_url: http://domainmanagerz.net/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://domainmanagerz.net/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:34.836Z\"}", "type": "indicator" @@ -16253,11 +15933,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014937846Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:41.381Z\",\"description\":\"TS ID: 55287965564; iType: mal_url; State: active; Org: A2 Hosting; Source: CyberCrime\",\"id\":\"indicator--08ec347d-3d22-45e6-96fc-3fc3bb37c720\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-05T01:58:41.381Z\",\"name\":\"mal_url: http://groupbizconsulting.com/p3/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://groupbizconsulting.com/p3/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:41.381Z\"}", "type": "indicator" 
@@ -16305,11 +15984,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014941352Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:59.279Z\",\"description\":\"TS ID: 55287965569; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--b845a78e-d141-455e-92ff-df401787a3cd\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-05T01:58:59.279Z\",\"name\":\"mal_url: http://samundarmarine.com/denty/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samundarmarine.com/denty/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:59.279Z\"}", "type": "indicator" @@ -16357,11 +16035,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014944779Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:03.426Z\",\"description\":\"TS ID: 55287965563; iType: mal_url; State: active; Org: A2 Hosting; Source: CyberCrime\",\"id\":\"indicator--e9d4f82a-bc23-4f9a-81e0-05097acc6daa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-05T01:59:03.426Z\",\"name\":\"mal_url: http://groupbizconsulting.com/p4/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://groupbizconsulting.com/p4/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:03.426Z\"}", "type": "indicator" 
@@ -16409,11 +16086,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014948235Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:04.695Z\",\"description\":\"TS ID: 55287965555; iType: mal_ip; State: active; Org: Hetzner Online GmbH; Source: CyberCrime\",\"id\":\"indicator--57e76166-d475-4027-b2d9-b4910c5b0747\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-32\"],\"modified\":\"2020-02-05T01:59:04.695Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:04.695Z\"}", "type": "indicator" @@ -16454,11 +16130,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014952323Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:06.271Z\",\"description\":\"TS ID: 55287965580; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--63fdc395-3d7f-4435-a7ea-2c26783ea7b9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-05T01:59:06.271Z\",\"name\":\"mal_url: http://gpi-q.com/cake/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/cake/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:06.271Z\"}", "type": "indicator" 
@@ -16506,11 +16181,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014955739Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:24.611Z\",\"description\":\"TS ID: 55287965562; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--9ed89f91-5df1-4cad-b6e7-9d275759d32e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-05T01:59:24.611Z\",\"name\":\"mal_url: http://ipblasta.com/kmaker/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ipblasta.com/kmaker/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:24.611Z\"}", "type": "indicator" @@ -16558,11 +16232,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014959526Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:31.341Z\",\"description\":\"TS ID: 55287965559; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime\",\"id\":\"indicator--421221e0-b0c7-4bbe-a12c-412f689f4769\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-02-05T01:59:31.341Z\",\"name\":\"mal_url: http://softtouchcollars.com/origin/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://softtouchcollars.com/origin/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:31.341Z\"}", "type": "indicator" 
@@ -16610,11 +16283,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014975807Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:47.461Z\",\"description\":\"TS ID: 55287965566; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--369ccb92-5a3b-41cf-853f-dac750e7a9d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-21\"],\"modified\":\"2020-02-05T01:59:47.461Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:47.461Z\"}", "type": "indicator" @@ -16655,11 +16327,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.014981548Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:47.506Z\",\"description\":\"TS ID: 55287965561; iType: mal_ip; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--5fb846be-33fa-4bcb-ac9f-ad6a31e4daef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-05T01:59:47.506Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:47.506Z\"}", "type": "indicator" 
@@ -16700,11 +16371,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015010782Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:16.19Z\",\"description\":\"TS ID: 55287965578; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--1a4e59e6-28dd-4087-9a19-b5d274d484d5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-96\"],\"modified\":\"2020-02-05T02:00:16.19Z\",\"name\":\"mal_url: http://mikeservers.eu/kings/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mikeservers.eu/kings/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:16.19Z\"}", "type": "indicator" @@ -16752,11 +16422,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015017916Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:23.009Z\",\"description\":\"TS ID: 55287965575; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--aef5784f-1ba2-4f45-9345-9b96bffe3cfd\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-02-05T02:00:23.009Z\",\"name\":\"mal_url: http://printystore.com.pe/img/lop/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://printystore.com.pe/img/lop/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:23.009Z\"}", "type": "indicator" 
@@ -16804,11 +16473,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015042161Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:29.679Z\",\"description\":\"TS ID: 55287965579; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--5fbeda08-8cf4-459a-873c-28cef82221b5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-05T02:00:29.679Z\",\"name\":\"mal_url: http://kdi-kongsberg.com/stan/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kdi-kongsberg.com/stan/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:29.679Z\"}", "type": "indicator" @@ -16856,11 +16524,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015047521Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:52.297Z\",\"description\":\"TS ID: 55287965570; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--b4e748c7-0beb-4b0f-a234-938ad9a6b884\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-05T02:00:52.297Z\",\"name\":\"mal_url: http://futuracosmetic.com/frank/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://futuracosmetic.com/frank/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:52.297Z\"}", "type": "indicator" 
@@ -16908,11 +16575,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015052531Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:57.141Z\",\"description\":\"TS ID: 55287965588; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--320c2f41-7546-4aa7-afef-5188df844448\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-05T02:00:57.141Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/tel/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/tel/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:57.141Z\"}", "type": "indicator" @@ -16960,11 +16626,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015056318Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:57.172Z\",\"description\":\"TS ID: 55287965586; iType: mal_url; State: active; Org: Hetzner Online GmbH; Source: CyberCrime\",\"id\":\"indicator--18a1307c-2dfc-43f9-9e47-93d00c63efcc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-02-05T02:00:57.172Z\",\"name\":\"mal_url: http://video-ld.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://video-ld.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:57.172Z\"}", "type": "indicator" 
@@ -17012,11 +16677,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015060225Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:57.733Z\",\"description\":\"TS ID: 55287965560; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--1e94e26d-5158-4519-b166-2b7e87c2e5de\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-05T02:00:57.733Z\",\"name\":\"mal_url: http://nortonlilly.info/emma/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/emma/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:57.733Z\"}", "type": "indicator" @@ -17064,11 +16728,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015066116Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:03.604Z\",\"description\":\"TS ID: 55287965573; iType: mal_url; State: active; Org: Relink LTD; Source: CyberCrime\",\"id\":\"indicator--e396f12a-867b-4e91-8796-d042aef55ce3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-05T02:01:03.604Z\",\"name\":\"mal_url: http://trouserlanditd.com/didi/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trouserlanditd.com/didi/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:03.604Z\"}", "type": "indicator" 
@@ -17116,11 +16779,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015070805Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:16.051Z\",\"description\":\"TS ID: 55287965589; iType: mal_ip; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--5b35dbd2-4915-4c56-9213-7d5272715cb7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-05T02:01:16.051Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:16.051Z\"}", "type": "indicator" @@ -17161,11 +16823,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015074372Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:18.261Z\",\"description\":\"TS ID: 55287965582; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--8dff68c1-1114-4092-9f29-f655f27d2337\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-60\"],\"modified\":\"2020-02-05T02:01:18.261Z\",\"name\":\"mal_url: http://espoirpharmaceutical.com/includes/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://espoirpharmaceutical.com/includes/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:18.261Z\"}", "type": "indicator" 
@@ -17213,11 +16874,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015077908Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:18.285Z\",\"description\":\"TS ID: 55287965565; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--19636e7d-febc-4ae1-879a-28af129c19b3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-60\"],\"modified\":\"2020-02-05T02:01:18.285Z\",\"name\":\"mal_url: http://credoaz.com/journals/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://credoaz.com/journals/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:18.285Z\"}", "type": "indicator" @@ -17265,11 +16925,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015081425Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:21.73Z\",\"description\":\"TS ID: 55287965587; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--593225c7-68c8-44db-82bf-2c550931a60c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-05T02:01:21.73Z\",\"name\":\"mal_url: http://bestlogs.myjino.ru/best/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bestlogs.myjino.ru/best/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:21.73Z\"}", "type": "indicator" 
@@ -17317,11 +16976,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015085362Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:08.953Z\",\"description\":\"TS ID: 55290730789; iType: mal_url; State: active; Org: TimeWeb Ltd.; Source: CyberCrime\",\"id\":\"indicator--782e9560-3f13-43eb-9720-e5b43d9a8dd9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-06T02:10:08.953Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:08.953Z\"}", "type": "indicator" @@ -17368,11 +17026,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015088648Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:15.947Z\",\"description\":\"TS ID: 55290730799; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--9586420f-3737-47b6-8d58-526f629d66e2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-06T02:10:15.947Z\",\"name\":\"mal_url: http://justwer.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://justwer.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:15.947Z\"}", "type": "indicator" 
@@ -17419,11 +17076,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015092225Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:15.988Z\",\"description\":\"TS ID: 55290730784; iType: mal_ip; State: active; Org: InMotion Hosting; Source: CyberCrime\",\"id\":\"indicator--4d0f3370-af7d-4902-abea-65d9f924458b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-06T02:10:15.988Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:15.988Z\"}", "type": "indicator" @@ -17464,11 +17120,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015095491Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:22.051Z\",\"description\":\"TS ID: 55290730781; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--12dac6fb-e53b-4742-9cc4-da362e880571\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-06T02:10:22.051Z\",\"name\":\"mal_url: http://u-knlt.com/Pablo/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://u-knlt.com/Pablo/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:22.051Z\"}", "type": "indicator" 
@@ -17516,11 +17171,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015098697Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:23.024Z\",\"description\":\"TS ID: 55290730808; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--d5c7a00c-4ab5-4501-b79c-4e96838e5602\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-06T02:10:23.024Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:23.024Z\"}", "type": "indicator" @@ -17561,11 +17215,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015101813Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:35.597Z\",\"description\":\"TS ID: 55290730780; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--524c1a55-264d-4f41-a854-1f0601921675\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-06T02:10:35.597Z\",\"name\":\"mal_url: http://f0378370.xsph.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0378370.xsph.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:35.597Z\"}", "type": "indicator" 
@@ -17613,11 +17266,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015105109Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:59.132Z\",\"description\":\"TS ID: 55290730787; iType: mal_url; State: active; Org: N-b Tv Sat Srl; Source: CyberCrime\",\"id\":\"indicator--d8d588e2-5ab4-4937-9051-ae93e79c0204\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-06T02:10:59.132Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:59.132Z\"}", "type": "indicator" @@ -17664,11 +17316,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015109207Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:08.205Z\",\"description\":\"TS ID: 55290730776; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--6b38040c-6578-43c4-8cec-a426d1079a96\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-06T02:11:08.205Z\",\"name\":\"mal_url: http://f0396918.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0396918.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:08.205Z\"}", "type": "indicator" 
@@ -17715,11 +17366,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015112914Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:15.653Z\",\"description\":\"TS ID: 55290730807; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--22ba0c46-ef00-43cc-a2e1-ff75417cf11d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-06T02:11:15.653Z\",\"name\":\"mal_url: http://gpi-q.com/cup/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/cup/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:15.653Z\"}", "type": "indicator" @@ -17767,11 +17417,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015117412Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:17.072Z\",\"description\":\"TS ID: 55290730801; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--257bcf28-e6ee-46e8-b9fe-d192fdc7c959\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-06T02:11:17.072Z\",\"name\":\"mal_url: http://l5056942.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l5056942.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:17.072Z\"}", "type": "indicator" 
@@ -17818,11 +17467,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015121059Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:17.098Z\",\"description\":\"TS ID: 55290730797; iType: mal_url; State: active; Org: LLC Eximius; Source: CyberCrime\",\"id\":\"indicator--788aa60d-57c8-4a4c-9666-d6869ccd6c49\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-06T02:11:17.098Z\",\"name\":\"mal_url: http://h146438.s21.test-hf.su/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://h146438.s21.test-hf.su/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:17.098Z\"}", "type": "indicator" @@ -17870,11 +17518,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015124275Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:27.123Z\",\"description\":\"TS ID: 55290730782; iType: mal_url; State: active; Org: Hotwire Fision; Source: CyberCrime\",\"id\":\"indicator--29909afa-ad21-493c-b420-870dbc8dd0da\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-06T02:11:27.123Z\",\"name\":\"mal_url: http://tranpip.com/vla/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tranpip.com/vla/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:27.123Z\"}", "type": "indicator" 
@@ -17922,11 +17569,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015127571Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:37.189Z\",\"description\":\"TS ID: 55290730803; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--eb5264f6-1f6e-4d1e-a813-d668ef8e6e0e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-06T02:11:37.189Z\",\"name\":\"mal_url: http://l1430a3c.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l1430a3c.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:37.189Z\"}", "type": "indicator" @@ -17973,11 +17619,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015130727Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:12:51.488Z\",\"description\":\"TS ID: 55290730778; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--c5829f98-8034-4bab-b591-9d3fbda9f448\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-06T02:12:51.488Z\",\"name\":\"mal_url: http://f0391270.xsph.ru/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391270.xsph.ru/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:12:51.488Z\"}", "type": "indicator" 
@@ -18025,11 +17670,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015134134Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:12:52.562Z\",\"description\":\"TS ID: 55290730800; iType: mal_url; State: active; Org: N-b Tv Sat Srl; Source: CyberCrime\",\"id\":\"indicator--14575771-256c-4f2f-b4bc-7b96c6805b24\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-06T02:12:52.562Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:12:52.562Z\"}", "type": "indicator" @@ -18076,11 +17720,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015137390Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:13:24.038Z\",\"description\":\"TS ID: 55290730798; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--41ca379f-0e97-452f-bed7-0dcaa6509a87\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-06T02:13:24.038Z\",\"name\":\"mal_url: http://xmpzi.icu/blue/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xmpzi.icu/blue/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:13:24.038Z\"}", "type": "indicator" 
@@ -18128,11 +17771,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015141117Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:13:26.405Z\",\"description\":\"TS ID: 55290730786; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime\",\"id\":\"indicator--5b354705-abe0-4b58-b088-aba7ddc92d6c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-35\"],\"modified\":\"2020-02-06T02:13:26.405Z\",\"name\":\"mal_url: http://155.94.210.79/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://155.94.210.79/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:13:26.405Z\"}", "type": "indicator" @@ -18179,11 +17821,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015144303Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:14:04.592Z\",\"description\":\"TS ID: 55290730804; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--6f406e7c-e62d-4431-b7eb-d8bc42d48b54\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-06T02:14:04.592Z\",\"name\":\"mal_url: http://lf9a7e2b.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lf9a7e2b.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:04.592Z\"}", "type": "indicator" 
@@ -18230,11 +17871,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015147880Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:14:13.434Z\",\"description\":\"TS ID: 55290730806; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--1a0f27f7-a8a7-4dd5-b5cc-a7146221fc31\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-06T02:14:13.434Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:13.434Z\"}", "type": "indicator" @@ -18281,11 +17921,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015151216Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:14:13.474Z\",\"description\":\"TS ID: 55290730796; iType: mal_ip; State: active; Org: OVH SAS; Source: CyberCrime\",\"id\":\"indicator--72bcbdc1-6c42-4fe9-b6b2-2a8519672418\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-16\"],\"modified\":\"2020-02-06T02:14:13.474Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:13.474Z\"}", "type": "indicator" 
@@ -18326,11 +17965,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015154833Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:14:13.506Z\",\"description\":\"TS ID: 55290730793; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--a2c76402-f9d0-4ea1-9ed0-b035bce4c7a6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-06T02:14:13.506Z\",\"name\":\"mal_url: http://tikkies.eu/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tikkies.eu/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:13.506Z\"}", "type": "indicator" @@ -18377,11 +18015,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015158119Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:14:14.285Z\",\"description\":\"TS ID: 55290730805; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--2e110e0c-f7af-4738-bed2-057bebad6f44\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-06T02:14:14.285Z\",\"name\":\"mal_url: http://lb1a9935.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lb1a9935.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:14.285Z\"}", "type": "indicator" 
@@ -18428,11 +18065,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015161545Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:14:30.841Z\",\"description\":\"TS ID: 55290730788; iType: mal_url; State: active; Org: Cyber Wurx LLC; Source: CyberCrime\",\"id\":\"indicator--20a1654d-6008-4d85-a2f0-cc9eaadabe43\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-23\"],\"modified\":\"2020-02-06T02:14:30.841Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:30.841Z\"}", "type": "indicator" @@ -18479,11 +18115,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015165222Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-07T01:58:49.531Z\",\"description\":\"TS ID: 55295317584; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--e9848e5a-4cbf-4156-827d-b0e0e73d9f2e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-07T01:58:49.531Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.golob/ds.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.golob/ds.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T01:58:49.531Z\"}", "type": "indicator" 
@@ -18531,11 +18166,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015168608Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-07T01:58:49.782Z\",\"description\":\"TS ID: 55295317585; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--44a6ba7f-2847-45c5-b4f3-452582094240\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-07T01:58:49.782Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.jonovis/xr.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.jonovis/xr.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T01:58:49.782Z\"}", "type": "indicator" @@ -18583,11 +18217,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015172506Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-07T01:59:00.621Z\",\"description\":\"TS ID: 55295317581; iType: mal_url; State: active; Org: MVPS LTD; Source: CyberCrime\",\"id\":\"indicator--dad51188-cf4b-4585-8fe2-bfeb4ab3a864\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-07T01:59:00.621Z\",\"name\":\"mal_url: http://89.160.20.156/xcool!/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://189.160.20.156/xcool!/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T01:59:00.621Z\"}", "type": "indicator" 
@@ -18635,11 +18268,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015176062Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-07T02:01:59.646Z\",\"description\":\"TS ID: 55295317582; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--a8895396-ac11-49f3-bb81-6e854b871870\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-07T02:01:59.646Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.fotoci/ji.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.fotoci/ji.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T02:01:59.646Z\"}", "type": "indicator" @@ -18687,11 +18319,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015179459Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-07T02:02:24.529Z\",\"description\":\"TS ID: 55295317583; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--2d0ab756-16e3-4679-86d9-b5ef1bc14a32\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-07T02:02:24.529Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.hokbi/cv.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.hokbi/cv.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T02:02:24.529Z\"}", "type": "indicator" 
@@ -18739,11 +18370,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015182675Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:11.92Z\",\"description\":\"TS ID: 55298072069; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--0e0304f5-9735-4c6d-a860-95633369db34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-22\"],\"modified\":\"2020-02-08T14:02:11.92Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:11.92Z\"}", "type": "indicator" @@ -18784,11 +18414,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015186041Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:14.399Z\",\"description\":\"TS ID: 55298070452; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--7af00858-9e0a-437b-af35-a4ef0b6527a5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-02-08T14:02:14.399Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:14.399Z\"}", "type": "indicator" 
@@ -18829,11 +18458,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015189217Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:17.271Z\",\"description\":\"TS ID: 55298068887; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--257cd2f9-ce06-4091-83e2-63d61b7e8bfa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-08T14:02:17.271Z\",\"name\":\"mal_url: http://smineolo39wings.in/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://smineolo39wings.in/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:17.271Z\"}", "type": "indicator" @@ -18880,11 +18508,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015192323Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:23Z\",\"description\":\"TS ID: 55298071788; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--8438ae84-2b7d-4fea-b1cd-fbec85ea3e58\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-08T14:02:23Z\",\"name\":\"mal_url: http://go.trust-oot.info/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://go.trust-oot.info/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:23Z\"}", "type": "indicator" 
@@ -18931,11 +18558,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015195589Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:23.507Z\",\"description\":\"TS ID: 55298070914; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime\",\"id\":\"indicator--7f6369a7-af79-45ca-96e4-3e5c309337de\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-02-08T14:02:23.507Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:23.507Z\"}", "type": "indicator" @@ -18982,11 +18608,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015198905Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:23.547Z\",\"description\":\"TS ID: 55298068879; iType: mal_ip; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--e1a9f3d2-0a84-4814-bac9-c9e60ad73cca\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-02-08T14:02:23.547Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:23.547Z\"}", "type": "indicator" 
@@ -19027,11 +18652,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015202402Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:33.679Z\",\"description\":\"TS ID: 55298069345; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--1aa4e592-6c78-43e8-b47c-2494a948d25c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-02-08T14:02:33.679Z\",\"name\":\"mal_url: http://f0391897.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391897.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:33.679Z\"}", "type": "indicator" @@ -19078,11 +18702,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015205618Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:53.996Z\",\"description\":\"TS ID: 55298070323; iType: mal_ip; State: active; Org: Offshore Racks S.A; Source: CyberCrime\",\"id\":\"indicator--0140ac57-a9a4-408a-9f53-f5b33f85dc80\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-21\"],\"modified\":\"2020-02-08T14:02:53.996Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:53.996Z\"}", "type": "indicator" 
@@ -19123,11 +18746,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015210106Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:57.507Z\",\"description\":\"TS ID: 55298070037; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--46c21251-c655-40c1-896d-2f4712091b7b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-08T14:02:57.507Z\",\"name\":\"mal_url: http://nikitakoteqka1.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nikitakoteqka1.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:57.507Z\"}", "type": "indicator" @@ -19174,11 +18796,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015213523Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:59.236Z\",\"description\":\"TS ID: 55298072047; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--7921e9e8-393c-4b0d-888f-bea034112f06\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-08T14:02:59.236Z\",\"name\":\"mal_url: http://xgkxc.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xgkxc.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:59.236Z\"}", "type": "indicator" 
@@ -19226,11 +18847,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015216789Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:59.246Z\",\"description\":\"TS ID: 55298071436; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--a59774c5-c288-44a0-9eab-28d93c5d0ab4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-08T14:02:59.246Z\",\"name\":\"mal_url: http://100stuff.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://100stuff.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:59.246Z\"}", "type": "indicator" @@ -19277,11 +18897,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015220025Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:59.31Z\",\"description\":\"TS ID: 55298071076; iType: mal_ip; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime\",\"id\":\"indicator--d74f403a-0673-4594-a4fc-61a22ab7fa21\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-30\"],\"modified\":\"2020-02-08T14:02:59.31Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:59.31Z\"}", "type": "indicator" 
@@ -19322,11 +18941,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015224062Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:02:59.432Z\",\"description\":\"TS ID: 55298069175; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--3cac5b3d-ffa6-4f5c-b190-7de9eb2e5a00\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-08T14:02:59.432Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:59.432Z\"}", "type": "indicator" @@ -19367,11 +18985,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015227689Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:17.953Z\",\"description\":\"TS ID: 55298072311; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--86c43dc8-a27e-4f30-a29e-ba174f0a03ef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-08T14:03:17.953Z\",\"name\":\"mal_url: http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:17.953Z\"}", "type": "indicator" 
@@ -19419,11 +19036,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015231677Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:21.626Z\",\"description\":\"TS ID: 55298071960; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--d900b770-4f2f-4597-ba97-a3e62646eca8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-08T14:03:21.626Z\",\"name\":\"mal_url: http://xgkxc.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xgkxc.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:21.626Z\"}", "type": "indicator" @@ -19471,11 +19087,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015235514Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:23.941Z\",\"description\":\"TS ID: 55298070427; iType: mal_url; State: active; Org: SBCLOUD; Source: CyberCrime\",\"id\":\"indicator--be5fb697-b554-4042-8185-f4148a5d02a2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-08T14:03:23.941Z\",\"name\":\"mal_url: http://boomcoins.ml/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://boomcoins.ml/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:23.941Z\"}", "type": "indicator" 
@@ -19522,11 +19137,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015239060Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:34.136Z\",\"description\":\"TS ID: 55298071042; iType: mal_url; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime\",\"id\":\"indicator--31a6a6c3-f385-421f-9ebb-d5cdced1dfd5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-30\"],\"modified\":\"2020-02-08T14:03:34.136Z\",\"name\":\"mal_url: http://asstubevideos.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://asstubevideos.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:34.136Z\"}", "type": "indicator" @@ -19573,11 +19187,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015242637Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:34.507Z\",\"description\":\"TS ID: 55298069289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--8c9846cd-2a0b-40c3-91f2-5893c05b1560\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-08T14:03:34.507Z\",\"name\":\"mal_url: http://f0397413.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0397413.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:34.507Z\"}", "type": "indicator" 
@@ -19624,11 +19237,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015245883Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:42.075Z\",\"description\":\"TS ID: 55298071476; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--4e5ac673-3459-45d1-817e-d7aca2850c5e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-08T14:03:42.075Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:42.075Z\"}", "type": "indicator" @@ -19669,11 +19281,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015249059Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:42.298Z\",\"description\":\"TS ID: 55298069324; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--8d463a9a-c285-4af6-91e8-bfd7e65d820f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-08T14:03:42.298Z\",\"name\":\"mal_url: http://f0396512.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0396512.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:42.298Z\"}", "type": "indicator" 
@@ -19720,11 +19331,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015252385Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:46.901Z\",\"description\":\"TS ID: 55298070290; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--bf76b431-6b24-4b63-89d6-4f026a2e5169\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-63\"],\"modified\":\"2020-02-08T14:03:46.901Z\",\"name\":\"mal_url: http://j1043204.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j1043204.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:46.901Z\"}", "type": "indicator" @@ -19771,11 +19381,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015255752Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:47.108Z\",\"description\":\"TS ID: 55298069358; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--646c9b00-80f7-4457-b2bc-1da854c211d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-08T14:03:47.108Z\",\"name\":\"mal_url: http://f0387320.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387320.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:47.108Z\"}", "type": "indicator" 
@@ -19822,11 +19431,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015258998Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:50.674Z\",\"description\":\"TS ID: 55298072749; iType: mal_url; State: active; Org: SpaceWeb CJSC; Source: CyberCrime\",\"id\":\"indicator--48ad83a8-cec1-4d85-a9fd-1b7f9308cb6a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-08T14:03:50.674Z\",\"name\":\"mal_url: http://rqx10504bc.temp.swtest.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rqx10504bc.temp.swtest.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:50.674Z\"}", "type": "indicator" @@ -19874,11 +19482,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015262164Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:53.621Z\",\"description\":\"TS ID: 55298069555; iType: mal_url; State: active; Org: OOO Network of data-centers Selectel; Source: CyberCrime\",\"id\":\"indicator--8e98212b-20f2-404f-804b-8ab7519c5683\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-08T14:03:53.621Z\",\"name\":\"mal_url: http://j6g3fzp.5k5.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j6g3fzp.5k5.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:53.621Z\"}", "type": "indicator" 
@@ -19926,11 +19533,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015265290Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:58.176Z\",\"description\":\"TS ID: 55298069681; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--395e83ba-96c1-45d2-b4b2-c065af5547fe\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-08T14:03:58.176Z\",\"name\":\"mal_url: http://stableupdater.ru.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://stableupdater.ru.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:58.176Z\"}", "type": "indicator" @@ -19977,11 +19583,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015268315Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:58.41Z\",\"description\":\"TS ID: 55298072652; iType: mal_url; State: active; Org: Netrouting; Source: CyberCrime\",\"id\":\"indicator--84dceb2a-fb38-4d98-9005-7f05460e8f3a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-48\"],\"modified\":\"2020-02-08T14:03:58.41Z\",\"name\":\"mal_url: http://209.182.217.85/auth.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://209.182.217.85/auth.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:58.41Z\"}", "type": "indicator" 
@@ -20029,11 +19634,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015271992Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.627Z\",\"description\":\"TS ID: 55298073012; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--ca97a773-4de3-4c9d-8f4c-b7350a615c45\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-08T14:04:30.627Z\",\"name\":\"mal_url: http://fentq.org/x/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fentq.org/x/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.627Z\"}", "type": "indicator" @@ -20081,11 +19685,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015275198Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.659Z\",\"description\":\"TS ID: 55298072708; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--d0653208-3d17-48c8-a47d-a6dede383ad8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-08T14:04:30.659Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/beta/aps/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/beta/aps/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.659Z\"}", "type": "indicator" 
@@ -20133,11 +19736,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015278174Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.733Z\",\"description\":\"TS ID: 55298072377; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--7873494f-24fb-42a6-ae17-299b9825e220\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-22\"],\"modified\":\"2020-02-08T14:04:30.733Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.733Z\"}", "type": "indicator" @@ -20178,11 +19780,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015281710Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.81Z\",\"description\":\"TS ID: 55298072245; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--14e760f3-eb76-412c-ab7b-8267bd65deb5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-08T14:04:30.81Z\",\"name\":\"mal_url: http://hanmha.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://hanmha.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.81Z\"}", "type": "indicator" 
@@ -20230,11 +19831,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015284836Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.84Z\",\"description\":\"TS ID: 55298072104; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--8a5aa5ab-e8ec-4641-9cfb-179df3bede39\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-08T14:04:30.84Z\",\"name\":\"mal_url: http://trouserlanditd.com/dabs/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trouserlanditd.com/dabs/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.84Z\"}", "type": "indicator" @@ -20282,11 +19882,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015288132Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.927Z\",\"description\":\"TS ID: 55298071479; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--5bbb8e55-9eb7-4b8a-a7aa-d79c53a0e596\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-08T14:04:30.927Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.927Z\"}", "type": "indicator" 
@@ -20333,11 +19932,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015291278Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:35.541Z\",\"description\":\"TS ID: 55298071733; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--cd3bea2d-dd64-463e-ae03-2a582c2261f2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-02-08T14:04:35.541Z\",\"name\":\"mal_url: http://trust-oot.info/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trust-oot.info/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:35.541Z\"}", "type": "indicator" @@ -20384,11 +19982,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015294444Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:35.641Z\",\"description\":\"TS ID: 55298069948; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--543aeaab-e5f0-42bc-afa5-6cd3cc9a26ec\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-08T14:04:35.641Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:35.641Z\"}", "type": "indicator" 
@@ -20429,11 +20026,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015297951Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:37.657Z\",\"description\":\"TS ID: 55298071095; iType: mal_url; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime\",\"id\":\"indicator--d2987902-59e6-4667-b011-f20e93e283d9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-30\"],\"modified\":\"2020-02-08T14:04:37.657Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:37.657Z\"}", "type": "indicator" @@ -20480,11 +20076,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015301057Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:41.785Z\",\"description\":\"TS ID: 55298072117; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--093718d8-bb0e-4816-ab4b-c97cb95d5531\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-02-08T14:04:41.785Z\",\"name\":\"mal_url: http://serviciotecnicoenperu.com/contactar/zz/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://serviciotecnicoenperu.com/contactar/zz/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:41.785Z\"}", "type": "indicator" 
@@ -20532,11 +20127,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015304313Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:43.759Z\",\"description\":\"TS ID: 55298071859; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--dfdca2f0-75cc-4e33-9045-e2ba136c0183\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-08T14:04:43.759Z\",\"name\":\"mal_url: http://xgkxc.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xgkxc.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:43.759Z\"}", "type": "indicator" @@ -20584,11 +20178,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015307389Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:43.783Z\",\"description\":\"TS ID: 55298070283; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--0e501865-d0a0-493b-8302-02efe0f2c5d1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-08T14:04:43.783Z\",\"name\":\"mal_url: http://kmfjlool.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kmfjlool.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:43.783Z\"}", "type": "indicator" 
@@ -20635,11 +20228,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015310975Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-09T05:09:33.689Z\",\"description\":\"TS ID: 55300025372; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--91f46249-8fa5-4e88-bb38-0448b08b5448\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-09T05:09:33.689Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-09T05:09:33.689Z\"}", "type": "indicator" @@ -20680,11 +20272,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015314181Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:01:30.459Z\",\"description\":\"TS ID: 55303483956; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--07925c70-b345-4aa6-8f40-e19602cf0429\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-10T02:01:30.459Z\",\"name\":\"mal_url: http://pentestblog.xyz/panel/login/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pentestblog.xyz/panel/login/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:01:30.459Z\"}", "type": "indicator" 
@@ -20731,11 +20322,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015317257Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:01:36.571Z\",\"description\":\"TS ID: 55303483889; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--00195f28-4745-41a3-9710-7e2266b1270e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-02-10T02:01:36.571Z\",\"name\":\"mal_url: http://f0386817.xsph.ru/32cd6120/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0386817.xsph.ru/32cd6120/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:01:36.571Z\"}", "type": "indicator" @@ -20783,11 +20373,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015320904Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:01:36.621Z\",\"description\":\"TS ID: 55303483880; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--eae0ef0b-3b77-401b-8835-4ad9cb97171d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-10T02:01:36.621Z\",\"name\":\"mal_url: http://f0395086.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0395086.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:01:36.621Z\"}", "type": "indicator" 
@@ -20834,11 +20423,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015324010Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:06.427Z\",\"description\":\"TS ID: 55303483638; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--05d25a1d-cf55-4b36-93ee-dbf618980b2f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-44\"],\"modified\":\"2020-02-10T02:02:06.427Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:06.427Z\"}", "type": "indicator" @@ -20886,11 +20474,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015327306Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:14.887Z\",\"description\":\"TS ID: 55303483942; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--9af2b6ee-aec5-481a-8e93-2a7153fcf05e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-10T02:02:14.887Z\",\"name\":\"mal_url: http://worldatdoor.in/wire/32/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/wire/32/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:14.887Z\"}", "type": "indicator" 
@@ -20938,11 +20525,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015330472Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:16.263Z\",\"description\":\"TS ID: 55303483899; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--1641ace0-37a5-4364-8400-e422b5cdbcec\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-02-10T02:02:16.263Z\",\"name\":\"mal_url: http://wwe23pro.myjino.ru/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://wwe23pro.myjino.ru/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:16.263Z\"}", "type": "indicator" @@ -20990,11 +20576,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015333728Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:35.848Z\",\"description\":\"TS ID: 55303483868; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--3e09e501-0b80-4de6-b5a9-1d30b5687a24\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-44\"],\"modified\":\"2020-02-10T02:02:35.848Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:35.848Z\"}", "type": "indicator" 
@@ -21035,11 +20620,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015336904Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:45.419Z\",\"description\":\"TS ID: 55303483940; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--85ab9568-e7f5-40c6-935d-8bdbe263970c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-02-10T02:02:45.419Z\",\"name\":\"mal_url: http://garex.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://garex.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:45.419Z\"}", "type": "indicator" @@ -21086,11 +20670,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015340040Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:47.096Z\",\"description\":\"TS ID: 55303483952; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--05509090-9cd9-43b0-892c-02318134a893\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-02-10T02:02:47.096Z\",\"name\":\"mal_url: http://jerichoconstructioncompany.com/wps/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jerichoconstructioncompany.com/wps/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:47.096Z\"}", "type": "indicator" 
@@ -21138,11 +20721,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015343266Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:55.786Z\",\"description\":\"TS ID: 55303483873; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--c884bffa-1248-483b-bdf8-dada05340ea4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-10T02:02:55.786Z\",\"name\":\"mal_url: http://f0396079.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0396079.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:55.786Z\"}", "type": "indicator" @@ -21189,11 +20771,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015346292Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:03:03.62Z\",\"description\":\"TS ID: 55303483931; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--14bb6b9e-e4f9-4059-a1a0-f06481441883\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-10T02:03:03.62Z\",\"name\":\"mal_url: http://impulsefittness.info/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://impulsefittness.info/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:03:03.62Z\"}", "type": "indicator" 
@@ -21241,11 +20822,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015350039Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:03:53.711Z\",\"description\":\"TS ID: 55303483865; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--92bdd0d7-0d15-4bcb-bf37-6aec2b0114b8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-10T02:03:53.711Z\",\"name\":\"mal_url: http://pentestblog.xyz/csc/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pentestblog.xyz/csc/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:03:53.711Z\"}", "type": "indicator" @@ -21293,11 +20873,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015353235Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:03:57.56Z\",\"description\":\"TS ID: 55303483938; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--eb0c4603-82ac-4283-bda3-ce9d276bc002\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-10T02:03:57.56Z\",\"name\":\"mal_url: http://pom4ekk.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pom4ekk.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:03:57.56Z\"}", "type": "indicator" 
@@ -21344,11 +20923,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015356300Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:04:24.419Z\",\"description\":\"TS ID: 55303483870; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--14393248-efcc-4446-9c71-c24b8ea653ab\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-10T02:04:24.419Z\",\"name\":\"mal_url: http://f0396384.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0396384.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:04:24.419Z\"}", "type": "indicator" @@ -21395,11 +20973,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015359396Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:04:39.273Z\",\"description\":\"TS ID: 55303483883; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--5139b761-30aa-48b8-a7f6-4d125117fd4d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-10T02:04:39.273Z\",\"name\":\"mal_url: http://f0391247.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391247.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:04:39.273Z\"}", "type": "indicator" 
@@ -21446,11 +21023,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015362702Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:05:59.738Z\",\"description\":\"TS ID: 55306531291; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--8aed750b-7bc5-41be-956d-5c27ba956957\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-11T02:05:59.738Z\",\"name\":\"mal_url: http://borrdrillling.com/benz-forlife/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://borrdrillling.com/benz-forlife/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:05:59.738Z\"}", "type": "indicator" @@ -21498,11 +21074,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015366239Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:06:33.437Z\",\"description\":\"TS ID: 55306531295; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--939b7b32-9004-40e0-8c48-77b9452a0902\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-11T02:06:33.437Z\",\"name\":\"mal_url: http://borrdrillling.com/fox/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://borrdrillling.com/fox/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:06:33.437Z\"}", "type": "indicator" 
@@ -21549,11 +21124,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015369375Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:06:48.532Z\",\"description\":\"TS ID: 55306531290; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--f2f9ebc5-814d-4ff2-9979-76264e15d743\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-11T02:06:48.532Z\",\"name\":\"mal_url: http://borrdrillling.com/benz/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://borrdrillling.com/benz/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:06:48.532Z\"}", "type": "indicator" @@ -21601,11 +21175,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015372501Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:07:49.317Z\",\"description\":\"TS ID: 55306531320; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--782c926c-e92f-451e-8aaf-dbe446b8abe4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-02-11T02:07:49.317Z\",\"name\":\"mal_url: http://klickus.com/okye/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://klickus.com/okye/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:07:49.317Z\"}", "type": "indicator" 
@@ -21653,11 +21226,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015375947Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:07:49.341Z\",\"description\":\"TS ID: 55306531298; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--336d437c-cb0b-473c-b157-3edad63d3a65\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-02-11T02:07:49.341Z\",\"name\":\"mal_url: http://klickus.com/gozie/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://klickus.com/gozie/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:07:49.341Z\"}", "type": "indicator" @@ -21705,11 +21277,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015378913Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-12T02:02:34.926Z\",\"description\":\"TS ID: 55309106417; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--1fff5727-69fd-4477-a610-3542e53642ae\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-12T02:02:34.926Z\",\"name\":\"mal_url: http://alwaysdelivery.xyz/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://alwaysdelivery.xyz/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-12T02:02:34.926Z\"}", "type": "indicator" 
@@ -21757,11 +21328,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015382079Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-12T02:03:19.477Z\",\"description\":\"TS ID: 55309106235; iType: mal_url; State: active; Org: VoenTelecom nets; Source: CyberCrime\",\"id\":\"indicator--8c3385b7-6ee5-4699-87c8-7a7b1da9b6aa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-49\"],\"modified\":\"2020-02-12T02:03:19.477Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-12T02:03:19.477Z\"}", "type": "indicator" @@ -21809,11 +21379,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015385094Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:02:41.467Z\",\"description\":\"TS ID: 55311776075; iType: mal_ip; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--91ef9dde-3f0a-472c-b8ec-a1b9951acb50\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-13T02:02:41.467Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:02:41.467Z\"}", "type": "indicator" 
@@ -21854,11 +21423,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015388200Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:02:52.653Z\",\"description\":\"TS ID: 55311776233; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--948a3e06-3481-4873-94e7-8ab068284aba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-13T02:02:52.653Z\",\"name\":\"mal_url: http://felicombo.club/Zebra/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://felicombo.club/Zebra/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:02:52.653Z\"}", "type": "indicator" @@ -21906,11 +21474,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015391386Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:03:16.624Z\",\"description\":\"TS ID: 55311776246; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--3b3faeec-4f78-41f2-acd8-13090336f058\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-13T02:03:16.624Z\",\"name\":\"mal_url: http://pdocxoffice.com/Panel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pdocxoffice.com/Panel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:03:16.624Z\"}", "type": "indicator" 
@@ -21958,11 +21525,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015394482Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:03:36.577Z\",\"description\":\"TS ID: 55311776248; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--ae6ff4c4-73c1-473a-90cb-99f135240243\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-13T02:03:36.577Z\",\"name\":\"mal_url: http://megaeditores.com/fgv/PHP/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://megaeditores.com/fgv/PHP/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:03:36.577Z\"}", "type": "indicator" @@ -22010,11 +21576,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015397588Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:03:38.86Z\",\"description\":\"TS ID: 55311776237; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--104abde1-c4e9-45a2-85e1-525ea3bec752\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-23\"],\"modified\":\"2020-02-13T02:03:38.86Z\",\"name\":\"mal_url: http://89.160.20.156/prUjRYcU2rqFpZqv/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/prUjRYcU2rqFpZqv/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:03:38.86Z\"}", "type": "indicator" 
@@ -22062,11 +21627,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015400764Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:06:53.787Z\",\"description\":\"TS ID: 55316616622; iType: mal_url; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--57d0bd25-4211-4e2e-8a4e-31e38eeda90b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T04:06:53.787Z\",\"name\":\"mal_url: http://hotlips.top/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://hotlips.top/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:06:53.787Z\"}", "type": "indicator" @@ -22113,11 +21677,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015404010Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:08:45.548Z\",\"description\":\"TS ID: 55316617564; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--d11be9c2-b408-42a4-a4ad-0ede3c1709f0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-20T04:08:45.548Z\",\"name\":\"mal_url: http://aflamdirectory.com/wp-content/ip/login/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aflamdirectory.com/wp-content/ip/login/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:08:45.548Z\"}", "type": "indicator" 
@@ -22164,11 +21727,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015407226Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:08:45.601Z\",\"description\":\"TS ID: 55316617187; iType: mal_url; State: active; Org: Telenet Ltd.; Source: CyberCrime\",\"id\":\"indicator--ed5ed1a3-8090-4db3-92cb-3b7b733fa28e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T04:08:45.601Z\",\"name\":\"mal_url: http://ayoobtextlie.com/craks/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/craks/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:08:45.601Z\"}", "type": "indicator" @@ -22216,11 +21778,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015410382Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:09:16.891Z\",\"description\":\"TS ID: 55316616322; iType: mal_ip; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime\",\"id\":\"indicator--6c201663-b1e4-483e-821b-0fe74aecc497\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-20T04:09:16.891Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:09:16.891Z\"}", "type": "indicator" 
@@ -22261,11 +21822,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015413698Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:11:00.455Z\",\"description\":\"TS ID: 55316616996; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--8203935f-fb3f-418c-945d-40fca5ef088d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T04:11:00.455Z\",\"name\":\"mal_url: http://mecharnise.ir/ca10/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mecharnise.ir/ca10/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:11:00.455Z\"}", "type": "indicator" @@ -22313,11 +21873,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015416794Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:28:36.154Z\",\"description\":\"TS ID: 55321824436; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--238f73e8-938d-4d08-9705-b1b669c129b2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-02-20T04:28:36.154Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:28:36.154Z\"}", "type": "indicator" 
@@ -22364,11 +21923,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015420280Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:28:36.172Z\",\"description\":\"TS ID: 55321824399; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--6ff21635-ac08-4afe-b5e7-c18dfe320f0f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T04:28:36.172Z\",\"name\":\"mal_url: http://23.247.102.18/4/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://23.247.102.18/4/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:28:36.172Z\"}", "type": "indicator" @@ -22416,11 +21974,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015423476Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:28:36.19Z\",\"description\":\"TS ID: 55321824397; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--9f55ff73-b6b6-476d-bb32-b9a7f8b16e93\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T04:28:36.19Z\",\"name\":\"mal_url: http://23.247.102.18/6/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://23.247.102.18/6/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:28:36.19Z\"}", "type": "indicator" 
@@ -22468,11 +22025,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015426682Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:30:25.248Z\",\"description\":\"TS ID: 55321824409; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--4abbf2ea-6e46-48e8-b74d-1928c92e6277\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-20T04:30:25.248Z\",\"name\":\"mal_url: http://f0400035.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0400035.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:30:25.248Z\"}", "type": "indicator" @@ -22519,11 +22075,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015429888Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:31:26.488Z\",\"description\":\"TS ID: 55321824418; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--8678d0a4-2b3c-4cea-a745-796f996e18bc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-20T04:31:26.488Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:31:26.488Z\"}", "type": "indicator" 
@@ -22564,11 +22119,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015432944Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:31:26.532Z\",\"description\":\"TS ID: 55321824403; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--bfd713ad-3d94-441a-b6bc-135ce911b580\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T04:31:26.532Z\",\"name\":\"mal_url: http://23.247.102.18/panel/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://23.247.102.18/panel/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:31:26.532Z\"}", "type": "indicator" @@ -22616,11 +22170,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015436521Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:31:26.582Z\",\"description\":\"TS ID: 55321824401; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--f43a4d56-b27f-41f0-917b-52358df31e13\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T04:31:26.582Z\",\"name\":\"mal_url: http://23.247.102.18/2/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://23.247.102.18/2/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:31:26.582Z\"}", "type": "indicator" 
@@ -22668,11 +22221,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015439607Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:32:16.603Z\",\"description\":\"TS ID: 55321824432; iType: mal_ip; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--36d62b8e-77db-4111-be17-d0a3e20bbd9d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-41\"],\"modified\":\"2020-02-20T04:32:16.603Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:32:16.603Z\"}", "type": "indicator" @@ -22713,11 +22265,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015442622Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:32:52.041Z\",\"description\":\"TS ID: 55321824444; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--b6863ec6-1752-43b3-b748-ee8a29b6a52e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T04:32:52.041Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:32:52.041Z\"}", "type": "indicator" 
@@ -22758,11 +22309,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015445708Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:32:52.057Z\",\"description\":\"TS ID: 55321824423; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--fb1aa473-4d9d-46a3-b053-ae7c051d0e14\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-20T04:32:52.057Z\",\"name\":\"mal_url: http://lae9ac50.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lae9ac50.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:32:52.057Z\"}", "type": "indicator" @@ -22809,11 +22359,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015448804Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:32:52.074Z\",\"description\":\"TS ID: 55321824417; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--f4447d70-3217-4319-9b89-4439db608f67\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-20T04:32:52.074Z\",\"name\":\"mal_url: http://ld01c555.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ld01c555.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:32:52.074Z\"}", "type": "indicator" 
@@ -22860,11 +22409,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015451970Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:49:13.452Z\",\"description\":\"TS ID: 55324942456; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--93e03851-428e-4e25-9fa6-17383426a6d7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-20T04:49:13.452Z\",\"name\":\"mal_url: http://borrdrillling.com/psm91/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://borrdrillling.com/psm91/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:49:13.452Z\"}", "type": "indicator" @@ -22912,11 +22460,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015455206Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:49:22.233Z\",\"description\":\"TS ID: 55324942451; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--ddce3ac3-2e92-4c94-9537-acefcbfecfc0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-20T04:49:22.233Z\",\"name\":\"mal_url: http://wtfshop.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://wtfshop.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:49:22.233Z\"}", "type": "indicator" 
@@ -22963,11 +22510,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015458282Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:50:21.678Z\",\"description\":\"TS ID: 55324942453; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--d4e1621e-ff57-4881-bf03-67f89c1db651\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-20T04:50:21.678Z\",\"name\":\"mal_url: http://minecrafttusa1.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://minecrafttusa1.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:50:21.678Z\"}", "type": "indicator" @@ -23014,11 +22560,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015461588Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:50:21.708Z\",\"description\":\"TS ID: 55324942431; iType: mal_ip; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--99db47e4-6284-47db-a3bb-70dfcac899c2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-20\"],\"modified\":\"2020-02-20T04:50:21.708Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:50:21.708Z\"}", "type": "indicator" 
@@ -23059,11 +22604,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015464804Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:50:33.473Z\",\"description\":\"TS ID: 55324942449; iType: mal_ip; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--75f014d9-2c40-4fa1-a05e-43521af4a944\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-36\"],\"modified\":\"2020-02-20T04:50:33.473Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:50:33.473Z\"}", "type": "indicator" @@ -23104,11 +22648,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015468150Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:51:08.292Z\",\"description\":\"TS ID: 55324942438; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--e5ae9133-c459-4130-b2cc-6bfc3d1bba08\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-20T04:51:08.292Z\",\"name\":\"mal_url: http://amazon-fr.fun/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://amazon-fr.fun/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:51:08.292Z\"}", "type": "indicator" 
@@ -23155,11 +22698,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015471366Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:07.933Z\",\"description\":\"TS ID: 55328307473; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--19914258-5bed-4f35-8f57-f639b0d9c1a0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T05:16:07.933Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:07.933Z\"}", "type": "indicator" @@ -23206,11 +22748,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015475023Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:27.52Z\",\"description\":\"TS ID: 55330801573; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--a1d0cc69-641e-4588-92f4-0ad9713860e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-20T05:16:27.52Z\",\"name\":\"mal_url: http://f0400017.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0400017.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:27.52Z\"}", "type": "indicator" 
@@ -23257,11 +22798,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015478339Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:27.557Z\",\"description\":\"TS ID: 55330801572; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--52371067-94be-4a79-b45d-8de115e81e86\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-02-20T05:16:27.557Z\",\"name\":\"mal_url: http://f0391202.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391202.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:27.557Z\"}", "type": "indicator" @@ -23308,11 +22848,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015481495Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:37.354Z\",\"description\":\"TS ID: 55328307469; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--0e0682f9-a160-46c2-ba7f-ba9dc2858f7e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:16:37.354Z\",\"name\":\"mal_url: http://ld7fa9c9.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ld7fa9c9.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:37.354Z\"}", "type": "indicator" 
@@ -23359,11 +22898,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015488779Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:41.613Z\",\"description\":\"TS ID: 55330801557; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--c7e63dd5-c41f-4fd4-bbaa-8b54a1a1a227\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-02-20T05:16:41.613Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:41.613Z\"}", "type": "indicator" @@ -23404,11 +22942,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015493457Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:57.739Z\",\"description\":\"TS ID: 55328307494; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--9f847df6-9c88-4a03-b852-394fd8a77f58\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-20T05:16:57.739Z\",\"name\":\"mal_url: http://referral-casino.club/1/stats/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://referral-casino.club/1/stats/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:57.739Z\"}", "type": "indicator" 
@@ -23456,11 +22993,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015496483Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:57.764Z\",\"description\":\"TS ID: 55328307481; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--479ea508-2ae1-4aea-825b-e83914fb8d53\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:16:57.764Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work5/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work5/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:57.764Z\"}", "type": "indicator" @@ -23508,11 +23044,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015503086Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:57.791Z\",\"description\":\"TS ID: 55328307476; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--051488db-6441-4ca9-9e5f-c8656e3b1d9f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-02-20T05:16:57.791Z\",\"name\":\"mal_url: http://mediagift.vn/.ki/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mediagift.vn/.ki/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:57.791Z\"}", "type": "indicator" 
@@ -23560,11 +23095,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015506251Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:17:10.129Z\",\"description\":\"TS ID: 55328307464; iType: mal_ip; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--d5a928aa-3237-4c44-93e8-f73eb20dc728\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-20T05:17:10.129Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:17:10.129Z\"}", "type": "indicator" @@ -23605,11 +23139,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015509478Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:20.205Z\",\"description\":\"TS ID: 55330801629; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--db19cb4e-25ad-46d3-a944-6e53f62d230c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-20T05:18:20.205Z\",\"name\":\"mal_url: http://liweff.eu/vla/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://liweff.eu/vla/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:20.205Z\"}", "type": "indicator" 
@@ -23657,11 +23190,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015512533Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:20.412Z\",\"description\":\"TS ID: 55328307485; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--438a519a-17ed-422b-a21d-0262b4b2fc0e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:18:20.412Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work2/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work2/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:20.412Z\"}", "type": "indicator" @@ -23709,11 +23241,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015515930Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:22.703Z\",\"description\":\"TS ID: 55330801601; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--7279d49d-39e4-42d1-8fb7-14ddb56d67d7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:18:22.703Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/lmark/pop/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/lmark/pop/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:22.703Z\"}", "type": "indicator" 
@@ -23761,11 +23292,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015519156Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:31.965Z\",\"description\":\"TS ID: 55328307489; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--70ae46d6-4f8c-4601-ac48-84848ca04719\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:18:31.965Z\",\"name\":\"mal_url: http://158.69.39.138/file/panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://158.69.39.138/file/panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:31.965Z\"}", "type": "indicator" @@ -23813,11 +23343,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015522522Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:31.986Z\",\"description\":\"TS ID: 55328307482; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--11637bfb-fd5b-482b-83b0-ab8a49aa80e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:18:31.986Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work6/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work6/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:31.986Z\"}", "type": "indicator" 
@@ -23865,11 +23394,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015525648Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:18:33.111Z\",\"description\":\"TS ID: 55330801593; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--b2cc241b-8f9a-494d-b842-74bc151bec7a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-20T05:18:33.111Z\",\"name\":\"mal_url: http://febspxiii.xyz/DBY/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxiii.xyz/DBY/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:33.111Z\"}",
 "type": "indicator"
@@ -23917,11 +23445,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015528784Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:18:47.389Z\",\"description\":\"TS ID: 55330801620; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--ac992a06-7013-4af2-b5c0-5c99f556d5b0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-20T05:18:47.389Z\",\"name\":\"mal_url: http://rds2020.space/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rds2020.space/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:47.389Z\"}",
 "type": "indicator"
@@ -23968,11 +23495,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015531789Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:18:47.406Z\",\"description\":\"TS ID: 55330801615; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--d723c08e-997d-483e-91e0-2ba6048e3683\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-02-20T05:18:47.406Z\",\"name\":\"mal_url: http://vysyyvyvm.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://vysyyvyvm.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:47.406Z\"}",
 "type": "indicator"
@@ -24019,11 +23545,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015534805Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:18:47.424Z\",\"description\":\"TS ID: 55330801583; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--734a20dd-4f6e-4ca9-8eac-4cdd6b82a122\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T05:18:47.424Z\",\"name\":\"mal_url: http://makadicuosde.cf/makave/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://makadicuosde.cf/makave/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:47.424Z\"}",
 "type": "indicator"
@@ -24071,11 +23596,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015554011Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:18:52.122Z\",\"description\":\"TS ID: 55328307475; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--e4109b4c-b56f-4f16-818f-0db54e50f5e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-02-20T05:18:52.122Z\",\"name\":\"mal_url: http://tailuong.com.vn/.gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tailuong.com.vn/.gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:52.122Z\"}",
 "type": "indicator"
@@ -24123,11 +23647,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015561595Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:19:37.033Z\",\"description\":\"TS ID: 55328307484; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--4c7e5535-9899-4967-86bb-e303b03a1122\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:19:37.033Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work3/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work3/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:37.033Z\"}",
 "type": "indicator"
@@ -24175,11 +23698,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015566294Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:19:37.099Z\",\"description\":\"TS ID: 55328307477; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--ea537667-1f37-4050-bb51-85fee813e39c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T05:19:37.099Z\",\"name\":\"mal_url: http://epperfums.com/duck/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/duck/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:37.099Z\"}",
 "type": "indicator"
@@ -24227,11 +23749,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015570672Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:19:44.991Z\",\"description\":\"TS ID: 55328307478; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--b6919ef9-68eb-48f5-9bc5-cdb35182e3d5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T05:19:44.991Z\",\"name\":\"mal_url: http://epperfums.com/dull/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/dull/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:44.991Z\"}",
 "type": "indicator"
@@ -24279,11 +23800,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015574159Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:19:49.844Z\",\"description\":\"TS ID: 55330801566; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--ddf3b3c7-d5f7-42d7-b013-767315de4745\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-63\"],\"modified\":\"2020-02-20T05:19:49.844Z\",\"name\":\"mal_url: http://f0404175.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0404175.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:49.844Z\"}",
 "type": "indicator"
@@ -24330,11 +23850,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015577265Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:19:58.679Z\",\"description\":\"TS ID: 55330801607; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--12edd75d-2558-498f-93a6-b628c3a21f85\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:19:58.679Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/lmark/frega/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/lmark/frega/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:58.679Z\"}",
 "type": "indicator"
@@ -24382,11 +23901,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015580210Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:21:46.589Z\",\"description\":\"TS ID: 55328307479; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--7a99b0ea-a361-4d6f-9c75-a1cd9ac41b1b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:21:46.589Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work8/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work8/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:21:46.589Z\"}",
 "type": "indicator"
@@ -24434,11 +23952,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015583356Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:22:19.894Z\",\"description\":\"TS ID: 55330801609; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--09479a9a-0c30-4029-a396-afa64343f065\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:22:19.894Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/lmark/em/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/lmark/em/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:22:19.894Z\"}",
 "type": "indicator"
@@ -24486,11 +24003,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015586582Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:24:01.214Z\",\"description\":\"TS ID: 55330801569; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--434af7fc-410e-404d-8c8c-8875f92cb0c0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-20T05:24:01.214Z\",\"name\":\"mal_url: http://f0402912.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0402912.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:01.214Z\"}",
 "type": "indicator"
@@ -24537,11 +24053,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015589718Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:24:21.239Z\",\"description\":\"TS ID: 55330801567; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--3ea0e805-8fa3-40ce-84e5-bf39318f35a6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-02-20T05:24:21.239Z\",\"name\":\"mal_url: http://f0404052.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0404052.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:21.239Z\"}",
 "type": "indicator"
@@ -24588,11 +24103,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015592724Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:24:33.205Z\",\"description\":\"TS ID: 55330801581; iType: mal_url; State: active; Org: Media Antar Nusa PT.; Source: CyberCrime\",\"id\":\"indicator--b9cccc62-550f-4f5b-bb32-f580c23fe382\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-20T05:24:33.205Z\",\"name\":\"mal_url: http://sariincofood.co.id/oxo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sariincofood.co.id/oxo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:33.205Z\"}",
 "type": "indicator"
@@ -24640,11 +24154,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015595759Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:24:35.843Z\",\"description\":\"TS ID: 55330801559; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--314ecb7a-db3a-4a64-9c0c-1361891c26c3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-59\"],\"modified\":\"2020-02-20T05:24:35.843Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:35.843Z\"}",
 "type": "indicator"
@@ -24685,11 +24198,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015598895Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:24:47.629Z\",\"description\":\"TS ID: 55330801610; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--d594d88f-2e74-4539-99a3-7fc7ae29ac7f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:24:47.629Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/lmark/aps/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/lmark/aps/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:47.629Z\"}",
 "type": "indicator"
@@ -24737,11 +24249,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015602412Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:24:47.645Z\",\"description\":\"TS ID: 55330801575; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--d20e7f50-caac-4054-b816-6f4a9a9283b9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-20T05:24:47.645Z\",\"name\":\"mal_url: http://thefieldagent.net/ys/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://thefieldagent.net/ys/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:47.645Z\"}",
 "type": "indicator"
@@ -24789,11 +24300,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015605518Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:25:26.502Z\",\"description\":\"TS ID: 55328307491; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--fb3209c5-4de8-4554-9bb4-ed8cc2b19915\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-02-20T05:25:26.502Z\",\"name\":\"mal_url: http://instaboom-hello.site/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://instaboom-hello.site/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:25:26.502Z\"}",
 "type": "indicator"
@@ -24841,11 +24351,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015608603Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:25:26.525Z\",\"description\":\"TS ID: 55328307488; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--592a57f8-b59a-4018-9167-307225a207ef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:25:26.525Z\",\"name\":\"mal_url: http://biznetvgator.com/greets/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://biznetvgator.com/greets/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:25:26.525Z\"}",
 "type": "indicator"
@@ -24893,11 +24402,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015611639Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:25:29.508Z\",\"description\":\"TS ID: 55328307495; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--56e543f4-111a-4764-af25-ee784f35a7c6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:25:29.508Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/azrt/emma/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/azrt/emma/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:25:29.508Z\"}",
 "type": "indicator"
@@ -24945,11 +24453,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015614615Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-20T05:25:29.532Z\",\"description\":\"TS ID: 55328307487; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--a2e1a901-7ad5-4be0-9fad-7e83cb7d35a7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-20T05:25:29.532Z\",\"name\":\"mal_url: http://brokenbrains.xyz/Pablo/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenbrains.xyz/Pablo/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:25:29.532Z\"}",
 "type": "indicator"
@@ -24997,11 +24504,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015617640Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:51:41.341Z\",\"description\":\"TS ID: 55333174445; iType: mal_url; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--84d5a06f-cbc3-4504-b0d0-ea23b99182ba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-21T02:51:41.341Z\",\"name\":\"mal_url: http://nenengdsa.ug/QnSrw25SkhlxsF5P/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nenengdsa.ug/QnSrw25SkhlxsF5P/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:51:41.341Z\"}",
 "type": "indicator"
@@ -25049,11 +24555,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015620706Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:51:50.176Z\",\"description\":\"TS ID: 55333174449; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--56cda4af-704b-41e7-8cc3-6140c163a22a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-21T02:51:50.176Z\",\"name\":\"mal_url: http://j1041747.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j1041747.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:51:50.176Z\"}",
 "type": "indicator"
@@ -25100,11 +24605,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015624173Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:51:50.296Z\",\"description\":\"TS ID: 55333174441; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--3a6903d8-e46b-4918-a99d-21ae21465bde\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-21T02:51:50.296Z\",\"name\":\"mal_url: http://sadhate.zzz.com.ua/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sadhate.zzz.com.ua/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:51:50.296Z\"}",
 "type": "indicator"
@@ -25152,11 +24656,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015629052Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:52:28.296Z\",\"description\":\"TS ID: 55333174457; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ec1f4e5c-0878-4dcf-9141-4a83b8abeb2c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-21T02:52:28.296Z\",\"name\":\"mal_url: http://groysman.club/host/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://groysman.club/host/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:28.296Z\"}",
 "type": "indicator"
@@ -25204,11 +24707,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015632548Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:52:31.697Z\",\"description\":\"TS ID: 55333174438; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--40502e97-56ae-4194-81d7-fc08ebff68c1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-21T02:52:31.697Z\",\"name\":\"mal_url: http://nortonlilly.info/ace/ts/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/ace/ts/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:31.697Z\"}",
 "type": "indicator"
@@ -25256,11 +24758,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015635814Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:52:33.704Z\",\"description\":\"TS ID: 55333174439; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--d9ed2a5f-0f87-4d87-adec-7a925fc848e4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-21T02:52:33.704Z\",\"name\":\"mal_url: http://zdwallcoveing.com/cream/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://zdwallcoveing.com/cream/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:33.704Z\"}",
 "type": "indicator"
@@ -25308,11 +24809,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015639081Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:52:34.992Z\",\"description\":\"TS ID: 55333174446; iType: mal_ip; State: active; Org: Aksinet Ltd.; Source: CyberCrime\",\"id\":\"indicator--097b92f4-6865-49db-8e59-2a89df364749\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-02-21T02:52:34.992Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:34.992Z\"}",
 "type": "indicator"
@@ -25353,11 +24853,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015642136Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:52:35.038Z\",\"description\":\"TS ID: 55333174442; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--03ea9edc-6654-4287-b452-988c85380295\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-60\"],\"modified\":\"2020-02-21T02:52:35.038Z\",\"name\":\"mal_url: http://jusper.zzz.com.ua/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jusper.zzz.com.ua/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:35.038Z\"}",
 "type": "indicator"
@@ -25405,11 +24904,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015645222Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:52:38.593Z\",\"description\":\"TS ID: 55333174440; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--99f64515-7513-4764-b278-987c5df8484b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-21T02:52:38.593Z\",\"name\":\"mal_url: http://azur.kl.com.ua/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://azur.kl.com.ua/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:38.593Z\"}",
 "type": "indicator"
@@ -25457,11 +24955,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015648238Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:53:25.758Z\",\"description\":\"TS ID: 55333174450; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--afdd7c21-d8c6-419e-84be-5c8b2ce1a829\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-21T02:53:25.758Z\",\"name\":\"mal_url: http://d98527ix.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://d98527ix.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:25.758Z\"}",
 "type": "indicator"
@@ -25508,11 +25005,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015651273Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:53:31.865Z\",\"description\":\"TS ID: 55333174452; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--858c680e-7b33-4345-b23c-bbc2a1efb9e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-21T02:53:31.865Z\",\"name\":\"mal_url: http://corpcougar.com/new/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/new/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:31.865Z\"}",
 "type": "indicator"
@@ -25560,11 +25056,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015654469Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:53:31.9Z\",\"description\":\"TS ID: 55333174443; iType: mal_url; State: active; Org: Fanavari Server Pars Argham Company Gostar Ltd.; Source: CyberCrime\",\"id\":\"indicator--4a97fc3d-210e-4367-ad04-f1b966433a32\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-21T02:53:31.9Z\",\"name\":\"mal_url: http://perca.ir/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://perca.ir/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:31.9Z\"}",
 "type": "indicator"
@@ -25612,11 +25107,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015657715Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:53:40.48Z\",\"description\":\"TS ID: 55333174451; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--51994ab0-1f97-4bcb-9f24-9fcd3d2364aa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-21T02:53:40.48Z\",\"name\":\"mal_url: http://zdwallcoveing.com/clock/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://zdwallcoveing.com/clock/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:40.48Z\"}",
 "type": "indicator"
@@ -25664,11 +25158,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015660731Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:53:42.327Z\",\"description\":\"TS ID: 55333174456; iType: mal_url; State: active; Org: WebHS; Source: CyberCrime\",\"id\":\"indicator--c9d733d6-25c7-4306-9246-c08194e3073a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-21T02:53:42.327Z\",\"name\":\"mal_url: http://livdecor.pt/ali/Panel/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://livdecor.pt/ali/Panel/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:42.327Z\"}",
 "type": "indicator"
@@ -25716,11 +25209,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015663867Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:53:58.967Z\",\"description\":\"TS ID: 55333174444; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--1322e66c-185d-4f46-80d4-d5751722d4cf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-21T02:53:58.967Z\",\"name\":\"mal_url: http://liweff.eu/kp/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://liweff.eu/kp/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:58.967Z\"}",
 "type": "indicator"
@@ -25768,11 +25260,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.015667364Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-21T02:54:44.049Z\",\"description\":\"TS ID: 55333174436; iType: mal_url; State: active; Org: 1\u00261 Internet AG; Source: CyberCrime\",\"id\":\"indicator--733d93ce-6ce8-4272-b564-b09818dbdbbb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-20\"],\"modified\":\"2020-02-21T02:54:44.049Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:54:44.049Z\"}",
 "type": "indicator"
@@ -25820,11 +25311,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015671281Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:54:44.075Z\",\"description\":\"TS ID: 55333174435; iType: mal_ip; State: active; Org: WebHS; Source: CyberCrime\",\"id\":\"indicator--fc0b39d5-d097-4e61-a4cd-970929467bad\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-50\"],\"modified\":\"2020-02-21T02:54:44.075Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:54:44.075Z\"}", "type": "indicator" @@ -25865,11 +25355,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015674878Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:52.6Z\",\"description\":\"TS ID: 55335562485; iType: mal_url; State: active; Org: PDR; Source: CyberCrime\",\"id\":\"indicator--92dd4ff2-7072-4262-b47d-b04cae8480e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-22T02:52:52.6Z\",\"name\":\"mal_url: http://missingandfound.com.my/urch/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://missingandfound.com.my/urch/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:52.6Z\"}", "type": "indicator" 
@@ -25917,11 +25406,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015678965Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:53.322Z\",\"description\":\"TS ID: 55335562462; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--122f6e46-781f-4d00-8247-6cf4047b0c9f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:52:53.322Z\",\"name\":\"mal_url: http://corpcougar.com/bin/pa/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/bin/pa/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:53.322Z\"}", "type": "indicator" @@ -25969,11 +25457,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015682151Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:53.756Z\",\"description\":\"TS ID: 55335562495; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--d5b42516-dfa2-499d-bc2b-c5c10617e7c9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-22T02:52:53.756Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/frega/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/frega/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:53.756Z\"}", "type": "indicator" 
@@ -26021,11 +25508,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015685167Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:53.779Z\",\"description\":\"TS ID: 55335562482; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--0668db3a-adb5-4e2e-b8f2-18e3870e2d7c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-22T02:52:53.779Z\",\"name\":\"mal_url: http://rotan.tech/explore/acm/balldrop/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rotan.tech/explore/acm/balldrop/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:53.779Z\"}", "type": "indicator" @@ -26073,11 +25559,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015688413Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:59.853Z\",\"description\":\"TS ID: 55335562401; iType: mal_url; State: active; Org: BelCloud Hosting Corporation; Source: CyberCrime\",\"id\":\"indicator--679fd604-82cb-47cd-a968-e87e9cca7fac\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-22T02:52:59.853Z\",\"name\":\"mal_url: http://89.160.20.156/mpdu/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/mpdu/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:59.853Z\"}", "type": "indicator" 
@@ -26125,11 +25610,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015691459Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:53:10.018Z\",\"description\":\"TS ID: 55335562492; iType: mal_ip; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--cdbffa12-c6c9-4723-807f-46b9672a23a2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-02-22T02:53:10.018Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:10.018Z\"}", "type": "indicator" @@ -26170,11 +25654,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015694565Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:53:11.62Z\",\"description\":\"TS ID: 55335562491; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--2218c7b6-3e94-4885-9a70-1f724d8453cc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-22T02:53:11.62Z\",\"name\":\"mal_url: http://epperfums.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:11.62Z\"}", "type": "indicator" 
@@ -26222,11 +25705,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015697710Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:53:34.685Z\",\"description\":\"TS ID: 55335562511; iType: mal_url; State: active; Org: T-Mobile Czech Republic; Source: CyberCrime\",\"id\":\"indicator--773fabfe-63b5-4681-8189-4dffad1747fc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-46\"],\"modified\":\"2020-02-22T02:53:34.685Z\",\"name\":\"mal_url: http://ccilfov.ro/css/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ccilfov.ro/css/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:34.685Z\"}", "type": "indicator" @@ -26274,11 +25756,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015700876Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:53:34.733Z\",\"description\":\"TS ID: 55335562506; iType: mal_ip; State: active; Org: ChunkHost; Source: CyberCrime\",\"id\":\"indicator--5e32213f-5daa-4181-a108-0fc58482adcb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-22T02:53:34.733Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:34.733Z\"}", "type": "indicator" 
@@ -26319,11 +25800,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015703862Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:53:34.767Z\",\"description\":\"TS ID: 55335562468; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--b07ae083-b56c-48b0-bfdb-6cf786978ce8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:53:34.767Z\",\"name\":\"mal_url: http://nortonlilly.info/zeya/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/zeya/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:34.767Z\"}", "type": "indicator" @@ -26371,11 +25851,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015707008Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:53:36.179Z\",\"description\":\"TS ID: 55335562472; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--42e0fb49-dd09-4979-a4d0-ff310d14acf8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-22T02:53:36.179Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/adaba/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/adaba/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:36.179Z\"}", "type": "indicator" 
@@ -26423,11 +25902,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015710084Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:53:45.219Z\",\"description\":\"TS ID: 55335562429; iType: mal_url; State: active; Org: OVH SAS; Source: CyberCrime\",\"id\":\"indicator--8d2d349a-763b-406b-ba8c-8ba684058028\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-02-22T02:53:45.219Z\",\"name\":\"mal_url: http://51.83.200.179/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://51.83.200.179/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:45.219Z\"}", "type": "indicator" @@ -26475,11 +25953,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015713089Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:53:56.922Z\",\"description\":\"TS ID: 55335562488; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--965a2554-cc08-488c-8d81-a29e8402eec1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-22T02:53:56.922Z\",\"name\":\"mal_url: http://lighteniger.tech/hntspeed/mansft/paydy/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lighteniger.tech/hntspeed/mansft/paydy/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:56.922Z\"}", "type": "indicator" 
@@ -26527,11 +26004,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015716025Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:18.93Z\",\"description\":\"TS ID: 55335562502; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--e75aa726-cbb0-486f-ac25-947fc76fb5de\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-22T02:54:18.93Z\",\"name\":\"mal_url: http://paperblank.best/gHL6qufBKIulnp11/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://paperblank.best/gHL6qufBKIulnp11/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:18.93Z\"}", "type": "indicator" @@ -26579,11 +26055,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015719622Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:18.975Z\",\"description\":\"TS ID: 55335562470; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--9f6d9425-fc79-4493-8f95-81ac2a7ae188\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-56\"],\"modified\":\"2020-02-22T02:54:18.975Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:18.975Z\"}", "type": "indicator" 
@@ -26624,11 +26099,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015722697Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:27.432Z\",\"description\":\"TS ID: 55335562494; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--1333f7e6-3af0-4aea-b798-a54f03d68ac5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-22T02:54:27.432Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/frega2/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/frega2/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:27.432Z\"}", "type": "indicator" @@ -26676,11 +26150,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015725943Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:27.479Z\",\"description\":\"TS ID: 55335562474; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--f4e076ed-6393-49d5-adc2-cbe730ff48db\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-22T02:54:27.479Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/beta/herm/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/beta/herm/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:27.479Z\"}", "type": "indicator" 
@@ -26728,11 +26201,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015728869Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:29.634Z\",\"description\":\"TS ID: 55335562505; iType: mal_url; State: active; Org: ChunkHost; Source: CyberCrime\",\"id\":\"indicator--2b38be23-b226-460e-9b17-4480e930f271\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-22T02:54:29.634Z\",\"name\":\"mal_url: http://almondmilkoils.com/E6OCF8w8IPI6vxKa/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://almondmilkoils.com/E6OCF8w8IPI6vxKa/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:29.634Z\"}", "type": "indicator" @@ -26780,11 +26252,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015732035Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:29.689Z\",\"description\":\"TS ID: 55335562500; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--0bfd644c-62ef-4f03-9d1d-304673d912f1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-22T02:54:29.689Z\",\"name\":\"mal_url: http://pay-robokassa.net/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pay-robokassa.net/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:29.689Z\"}", "type": "indicator" 
@@ -26832,11 +26303,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015735020Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:47.42Z\",\"description\":\"TS ID: 55335562476; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--a15df968-dec6-4122-811e-1144011d0653\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:54:47.42Z\",\"name\":\"mal_url: http://nortonlilly.info/jb/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/jb/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:47.42Z\"}", "type": "indicator" @@ -26884,11 +26354,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015738176Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:48.824Z\",\"description\":\"TS ID: 55335562428; iType: mal_url; State: active; Org: Hostkey B.v.; Source: CyberCrime\",\"id\":\"indicator--11fec449-039c-4d64-aefa-210e96074633\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-40\"],\"modified\":\"2020-02-22T02:54:48.824Z\",\"name\":\"mal_url: http://89.160.20.156/host/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/host/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:48.824Z\"}", "type": "indicator" 
@@ -26936,11 +26405,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015741402Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:49.84Z\",\"description\":\"TS ID: 55335562466; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--5d04eb73-cda3-4f22-bcaf-604660d26343\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:54:49.84Z\",\"name\":\"mal_url: http://nortonlilly.info/ace1/st/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/ace1/st/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:49.84Z\"}", "type": "indicator" @@ -26988,11 +26456,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015744538Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:51.052Z\",\"description\":\"TS ID: 55335562498; iType: mal_url; State: active; Org: Dedicated-servers; Source: CyberCrime\",\"id\":\"indicator--f7bafcb3-679f-4959-8ed0-d3d8b62eceef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-22T02:54:51.052Z\",\"name\":\"mal_url: http://89.160.20.156/primfive/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/primfive/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:51.052Z\"}", "type": "indicator" 
@@ -27040,11 +26507,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015747584Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:51.08Z\",\"description\":\"TS ID: 55335562469; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--4913d346-5153-40a6-b5ab-9854e91f4ac6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-22T02:54:51.08Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/gold/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/gold/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:51.08Z\"}", "type": "indicator" @@ -27092,11 +26558,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015754046Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:57.998Z\",\"description\":\"TS ID: 55335562501; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--abd1ec0d-3831-4ae8-93fd-fa22ed4d20fd\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-22T02:54:57.998Z\",\"name\":\"mal_url: http://dronius267.myjino.ru/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dronius267.myjino.ru/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:57.998Z\"}", "type": "indicator" 
@@ -27144,11 +26609,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015757392Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:58.082Z\",\"description\":\"TS ID: 55335562493; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--21a62996-f4f5-4b77-be5d-4f84a7e7d084\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-22T02:54:58.082Z\",\"name\":\"mal_url: http://aladebtrading.com/loki/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aladebtrading.com/loki/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:58.082Z\"}", "type": "indicator" @@ -27196,11 +26660,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015760518Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:59.268Z\",\"description\":\"TS ID: 55335562496; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--7f70004c-d9ab-4f22-b3d8-511682528ccc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-22T02:54:59.268Z\",\"name\":\"mal_url: http://89.160.20.156/primsix/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/primsix/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:59.268Z\"}", "type": "indicator" 
@@ -27248,11 +26711,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015763935Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:54:59.71Z\",\"description\":\"TS ID: 55335562514; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--0c36d9c7-4938-49c0-9704-38aeaee90f95\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-22T02:54:59.71Z\",\"name\":\"mal_url: http://worldatdoor.in/nato/Pony/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/nato/Pony/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:59.71Z\"}", "type": "indicator" @@ -27300,11 +26762,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015766940Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:55:06.175Z\",\"description\":\"TS ID: 55335562464; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--af30a658-0eea-4daf-b26f-26f060e56bc9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:55:06.175Z\",\"name\":\"mal_url: http://nortonlilly.info/jp/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/jp/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:06.175Z\"}", "type": "indicator" 
@@ -27352,11 +26813,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015769936Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:55:16.703Z\",\"description\":\"TS ID: 55335562478; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--6c50747b-39c8-48c7-9fdc-86427a702ce1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-22T02:55:16.703Z\",\"name\":\"mal_url: http://worldatdoor.in/lewis1/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/lewis1/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:16.703Z\"}", "type": "indicator" @@ -27404,11 +26864,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015773312Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:55:26.13Z\",\"description\":\"TS ID: 55335562507; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime\",\"id\":\"indicator--a2d5be60-5ee7-4dc6-b626-f5af241f2da0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-45\"],\"modified\":\"2020-02-22T02:55:26.13Z\",\"name\":\"mal_url: http://67.215.224.144/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://67.215.224.144/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:26.13Z\"}", "type": "indicator" 
@@ -27455,11 +26914,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015776408Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:55:32.068Z\",\"description\":\"TS ID: 55335562512; iType: mal_url; State: active; Org: Host Sailor Ltd.; Source: CyberCrime\",\"id\":\"indicator--d1c9a2c5-972d-4de3-97b5-c8175e4a0c4c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-22T02:55:32.068Z\",\"name\":\"mal_url: http://abyng.com/mg/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://abyng.com/mg/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:32.068Z\"}", "type": "indicator" @@ -27507,11 +26965,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015779544Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:55:34.073Z\",\"description\":\"TS ID: 55335562503; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--bb1eb654-4bcc-4292-a65d-879efac8ff18\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:55:34.073Z\",\"name\":\"mal_ip: 192.168.118.182\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '192.168.118.182']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:34.073Z\"}", "type": "indicator" 
@@ -27552,11 +27009,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015782590Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:55:37.882Z\",\"description\":\"TS ID: 55335562427; iType: mal_ip; State: active; Org: Host Sailor Ltd.; Source: CyberCrime\",\"id\":\"indicator--fdcefce4-18b5-4a39-9b8d-a8816fe4c411\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-02-22T02:55:37.882Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:37.882Z\"}", "type": "indicator" @@ -27597,11 +27053,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015785715Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:55:50.468Z\",\"description\":\"TS ID: 55335562509; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--8358dddf-0d73-48e3-b8cd-14dc1ba01c09\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-22T02:55:50.468Z\",\"name\":\"mal_url: http://d0lphin1337.xyz/autofarm/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://d0lphin1337.xyz/autofarm/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:50.468Z\"}", "type": "indicator" 
@@ -27649,11 +27104,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015788691Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:55:52.759Z\",\"description\":\"TS ID: 55335562480; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--f1deba70-4cd9-42a2-877f-9036b38c72b4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-22T02:55:52.759Z\",\"name\":\"mal_url: http://worldatdoor.in/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:52.759Z\"}", "type": "indicator" @@ -27701,11 +27155,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015791657Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:51:55.106Z\",\"description\":\"TS ID: 55342497317; iType: mal_url; State: active; Org: Dedicated-servers; Source: CyberCrime\",\"id\":\"indicator--516caba2-8889-4f32-96e6-e4874a705085\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-23T02:51:55.106Z\",\"name\":\"mal_url: http://89.160.20.156/plugman/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/plugman/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:51:55.106Z\"}", "type": "indicator" 
@@ -27753,11 +27206,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015795073Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:51:55.126Z\",\"description\":\"TS ID: 55342497247; iType: mal_url; State: active; Org: Clax Telecom Srl; Source: CyberCrime\",\"id\":\"indicator--7ad4e7c7-e202-4d04-8bae-c717d36610e2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-100\"],\"modified\":\"2020-02-23T02:51:55.126Z\",\"name\":\"mal_url: http://stampilam.ro/axe/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://stampilam.ro/axe/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:51:55.126Z\"}", "type": "indicator" @@ -27805,11 +27257,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015798179Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:00.436Z\",\"description\":\"TS ID: 55342497248; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--015e9665-1524-4e79-841d-8038961e0250\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-23T02:52:00.436Z\",\"name\":\"mal_url: http://securesharing.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://securesharing.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:00.436Z\"}", "type": "indicator" 
@@ -27857,11 +27308,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015801104Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:11.479Z\",\"description\":\"TS ID: 55342497260; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--457f24b0-3aff-4e1b-972b-80bbc70de290\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-23T02:52:11.479Z\",\"name\":\"mal_url: http://ivad.com.vn/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ivad.com.vn/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:11.479Z\"}", "type": "indicator" @@ -27909,11 +27359,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015805843Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:31.664Z\",\"description\":\"TS ID: 55342497257; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--c48537ec-9991-441c-89e6-f41295aa8b88\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-02-23T02:52:31.664Z\",\"name\":\"mal_url: http://mediagift.vn/.bc/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mediagift.vn/.bc/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:31.664Z\"}", "type": "indicator" 
@@ -27961,11 +27410,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015808999Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:36.705Z\",\"description\":\"TS ID: 55342497265; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--c580668f-1fd0-49e7-bea8-fe3effa1854a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:52:36.705Z\",\"name\":\"mal_url: http://fvrlink.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:36.705Z\"}", "type": "indicator" @@ -28013,11 +27461,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015812025Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:38.725Z\",\"description\":\"TS ID: 55342497253; iType: mal_url; State: active; Org: PT. Dhecyber Flow Indonesia; Source: CyberCrime\",\"id\":\"indicator--97f5e99e-bdb3-4f2e-b9e6-b820f6c6e17c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-02-23T02:52:38.725Z\",\"name\":\"mal_url: http://petroindonesia.co.id/xxx/xx/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://petroindonesia.co.id/xxx/xx/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:38.725Z\"}", "type": "indicator" 
@@ -28065,11 +27512,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015815171Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:43.45Z\",\"description\":\"TS ID: 55342497299; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--53d3da3c-985b-4045-bb67-cac32740c8a8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:52:43.45Z\",\"name\":\"mal_url: http://febvnxp.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:43.45Z\"}", "type": "indicator" @@ -28117,11 +27563,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015818497Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:44.281Z\",\"description\":\"TS ID: 55342497255; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--19faa6b5-809f-4a97-9415-10aa8711a095\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-23T02:52:44.281Z\",\"name\":\"mal_url: http://mocdong.com.vn/gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mocdong.com.vn/gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:44.281Z\"}", "type": "indicator" 
@@ -28169,11 +27614,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015821583Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:46.455Z\",\"description\":\"TS ID: 55342497238; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--f023fd7f-9128-4b43-b8a4-4e18a33dbbf0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-23T02:52:46.455Z\",\"name\":\"mal_url: http://f0405406.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0405406.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:46.455Z\"}", "type": "indicator" @@ -28220,11 +27664,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015824578Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:55.747Z\",\"description\":\"TS ID: 55342497297; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--15290dad-dffe-413d-b14c-e1bcbf9c5f62\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:52:55.747Z\",\"name\":\"mal_url: http://febvnxp.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:55.747Z\"}", "type": "indicator" 
@@ -28272,11 +27715,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015827554Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:08.502Z\",\"description\":\"TS ID: 55342497311; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--d04b02bf-6282-4889-95d0-bcebf5f7f3a8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-23T02:53:08.502Z\",\"name\":\"mal_url: http://euromopy.tech/etty/black/download/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://euromopy.tech/etty/black/download/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:08.502Z\"}", "type": "indicator" @@ -28324,11 +27766,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015830530Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:08.537Z\",\"description\":\"TS ID: 55342497243; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--b3da183c-cefb-4014-bc60-b838648be7b4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-23T02:53:08.537Z\",\"name\":\"mal_url: http://mez.kl.com.ua/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mez.kl.com.ua/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:08.537Z\"}", "type": "indicator" 
@@ -28376,11 +27817,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015833535Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:08.568Z\",\"description\":\"TS ID: 55342497237; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--f18c4197-55ad-4dba-beaf-8b57fd984245\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-96\"],\"modified\":\"2020-02-23T02:53:08.568Z\",\"name\":\"mal_url: http://gimhon.ml/kcyi/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gimhon.ml/kcyi/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:08.568Z\"}", "type": "indicator" @@ -28428,11 +27868,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015836541Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:09.543Z\",\"description\":\"TS ID: 55342497304; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--a11a5e52-cd1d-4891-96a6-a9b78a260843\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:09.543Z\",\"name\":\"mal_url: http://febspxi.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:09.543Z\"}", "type": "indicator" 
@@ -28480,11 +27919,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015839597Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:09.578Z\",\"description\":\"TS ID: 55342497256; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--a5c5b970-919b-4464-b7db-694194d08632\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-23T02:53:09.578Z\",\"name\":\"mal_url: http://mirrapl.com/big/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mirrapl.com/big/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:09.578Z\"}", "type": "indicator" @@ -28532,11 +27970,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015842612Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:09.612Z\",\"description\":\"TS ID: 55342497234; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--60a33c8d-316e-4688-b9f8-e68c82aa36b3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:09.612Z\",\"name\":\"mal_url: http://terayu.tk/irkk/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://terayu.tk/irkk/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:09.612Z\"}", "type": "indicator" 
@@ -28584,11 +28021,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015846219Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:12.354Z\",\"description\":\"TS ID: 55342497239; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--1d8670e2-50f8-4595-bdb1-7152df77d2a7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-23T02:53:12.354Z\",\"name\":\"mal_url: http://f0405230.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0405230.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:12.354Z\"}", "type": "indicator" @@ -28635,11 +28071,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015849746Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:17.566Z\",\"description\":\"TS ID: 55342497249; iType: mal_url; State: active; Org: Media Antar Nusa PT.; Source: CyberCrime\",\"id\":\"indicator--f04e05b1-5cb4-4e30-8d2e-0e1b1bae7523\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-23T02:53:17.566Z\",\"name\":\"mal_url: http://sariincofood.co.id/xx/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sariincofood.co.id/xx/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:17.566Z\"}", "type": "indicator" 
@@ -28687,11 +28122,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015852581Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:19.805Z\",\"description\":\"TS ID: 55342497293; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ebf656cd-162d-40e8-8c3a-272285600583\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:53:19.805Z\",\"name\":\"mal_url: http://febvnxp.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:19.805Z\"}", "type": "indicator" @@ -28739,11 +28173,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015855466Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:27.698Z\",\"description\":\"TS ID: 55342497315; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--fb9e5c00-6b18-456e-9503-1a2a74d23642\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-23T02:53:27.698Z\",\"name\":\"mal_url: http://89.160.20.156/primone/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/primone/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:27.698Z\"}", "type": "indicator" 
@@ -28791,11 +28224,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015858392Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:27.735Z\",\"description\":\"TS ID: 55342497263; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ff626727-4888-4cba-9257-470f0a70891a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:27.735Z\",\"name\":\"mal_url: http://fvrlink.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:27.735Z\"}", "type": "indicator" @@ -28843,11 +28275,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015861277Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:40.401Z\",\"description\":\"TS ID: 55342497262; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--4ec240b7-0fb7-4d38-8312-841d8f43886b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:40.401Z\",\"name\":\"mal_url: http://fvrlink.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:40.401Z\"}", "type": "indicator" 
@@ -28895,11 +28326,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015864153Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:40.432Z\",\"description\":\"TS ID: 55342497245; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--9d14574f-9af7-493d-84a2-f631570f1940\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-02-23T02:53:40.432Z\",\"name\":\"mal_url: http://transwesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://transwesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:40.432Z\"}", "type": "indicator" @@ -28947,11 +28377,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015867208Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:40.453Z\",\"description\":\"TS ID: 55342497232; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--e6333eb1-1ff7-4131-94cd-5e5d53bff58f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-23T02:53:40.453Z\",\"name\":\"mal_url: http://mactreher.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mactreher.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:40.453Z\"}", "type": "indicator" 
@@ -28998,11 +28427,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015870144Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:42.405Z\",\"description\":\"TS ID: 55342497305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--c5e5054b-f15b-4c96-a753-3b3562f66488\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:42.405Z\",\"name\":\"mal_url: http://febspxi.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:42.405Z\"}", "type": "indicator" @@ -29050,11 +28478,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015873380Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:42.443Z\",\"description\":\"TS ID: 55342497235; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--d672c0ee-1501-4276-bd9d-dbdd27a11a7d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:42.443Z\",\"name\":\"mal_url: http://himkon.cf/kcyi/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://himkon.cf/kcyi/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:42.443Z\"}", "type": "indicator" 
@@ -29102,11 +28529,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015876345Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:47.65Z\",\"description\":\"TS ID: 55342497244; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--9ebd5fa7-5308-48f6-80a2-84c18572d4b6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-23T02:53:47.65Z\",\"name\":\"mal_url: http://wesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://wesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:47.65Z\"}", "type": "indicator" @@ -29154,11 +28580,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015879401Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:53.437Z\",\"description\":\"TS ID: 55342497268; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--e00da1fa-88c4-4327-b415-71d3499ab5d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:53.437Z\",\"name\":\"mal_url: http://fvrlink.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:53.437Z\"}", "type": "indicator" 
@@ -29206,11 +28631,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015882347Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:02.069Z\",\"description\":\"TS ID: 55342497250; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--6d4b1407-6885-4030-beae-43747e458b8a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-23T02:54:02.069Z\",\"name\":\"mal_url: http://portalcafecomnoticias.com.br/test/js/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://portalcafecomnoticias.com.br/test/js/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:02.069Z\"}", "type": "indicator" @@ -29258,11 +28682,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015885322Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:09.172Z\",\"description\":\"TS ID: 55342497312; iType: mal_url; State: active; Org: Unified Layer; Source: CyberCrime\",\"id\":\"indicator--8dd72fce-4734-40a1-8e73-cf44c9319fe1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-54\"],\"modified\":\"2020-02-23T02:54:09.172Z\",\"name\":\"mal_url: http://esenciamaya.com/leo/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://esenciamaya.com/leo/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:09.172Z\"}", "type": "indicator" 
@@ -29310,11 +28733,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015888198Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:15.807Z\",\"description\":\"TS ID: 55342497294; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--27b834b0-4113-4eca-8989-d7ada85d0779\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:54:15.807Z\",\"name\":\"mal_url: http://febvnxp.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:15.807Z\"}", "type": "indicator" @@ -29362,11 +28784,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015891394Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:17.76Z\",\"description\":\"TS ID: 55342497307; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--56334c71-2f84-4e09-a6cc-017577b99970\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:54:17.76Z\",\"name\":\"mal_url: http://febspxi.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:17.76Z\"}", "type": "indicator" 
@@ -29414,11 +28835,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015894309Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:19.374Z\",\"description\":\"TS ID: 55342497313; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime\",\"id\":\"indicator--12abfac3-5251-45f4-bfde-20e3081d0f29\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-54\"],\"modified\":\"2020-02-23T02:54:19.374Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:19.374Z\"}", "type": "indicator" @@ -29459,11 +28879,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015898507Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:25.477Z\",\"description\":\"TS ID: 55342497258; iType: mal_url; State: active; Org: InMotion Hosting; Source: CyberCrime\",\"id\":\"indicator--8b4fe873-9b07-4985-9818-291623fc07b9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-23T02:54:25.477Z\",\"name\":\"mal_url: http://mawa2ef.com/core/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mawa2ef.com/core/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:25.477Z\"}", "type": "indicator" 
@@ -29511,11 +28930,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015911020Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:39.696Z\",\"description\":\"TS ID: 55342497298; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--c3486bc6-ca92-469f-b0d0-fd8f5cd81580\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:54:39.696Z\",\"name\":\"mal_url: http://febvnxp.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:39.696Z\"}", "type": "indicator" @@ -29563,11 +28981,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015914777Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:39.976Z\",\"description\":\"TS ID: 55342497308; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--0748270e-f010-4598-a389-553d3fffcb48\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:54:39.976Z\",\"name\":\"mal_url: http://febspxi.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:39.976Z\"}", "type": "indicator" 
@@ -29615,11 +29032,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015918104Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:40.035Z\",\"description\":\"TS ID: 55342497254; iType: mal_ip; State: active; Org: PT. Dhecyber Flow Indonesia; Source: CyberCrime\",\"id\":\"indicator--cd075ee5-9b9f-4203-a9a3-c9592a6f6941\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-02-23T02:54:40.035Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:40.035Z\"}", "type": "indicator" @@ -29660,11 +29076,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015921270Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:40.281Z\",\"description\":\"TS ID: 55342497241; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--ed6fe1be-e6b6-436e-9d8f-f2440d34b32f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-23T02:54:40.281Z\",\"name\":\"mal_url: http://dabain.live/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dabain.live/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:40.281Z\"}", "type": "indicator" 
@@ -29712,11 +29127,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015924365Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:48.232Z\",\"description\":\"TS ID: 55342497251; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--3e220a1d-3d12-4baf-984e-90a3b7431aff\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-59\"],\"modified\":\"2020-02-23T02:54:48.232Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:48.232Z\"}", "type": "indicator" @@ -29757,11 +29171,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015927271Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:53.263Z\",\"description\":\"TS ID: 55342497316; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--6bc71acc-f3da-4b79-bcc0-7ce4a4a4d4ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-23T02:54:53.263Z\",\"name\":\"mal_url: http://89.160.20.156/africa/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/africa/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:53.263Z\"}", "type": "indicator" 
@@ -29809,11 +29222,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015930487Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:54.071Z\",\"description\":\"TS ID: 55342497266; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--1fcdf65f-a35b-4556-a7cc-6c61084af334\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:54:54.071Z\",\"name\":\"mal_url: http://fvrlink.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:54.071Z\"}", "type": "indicator" @@ -29861,11 +29273,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015933493Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:00.871Z\",\"description\":\"TS ID: 55342497310; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--b1974beb-95fb-42b7-b2c0-81f71643da88\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-23T02:55:00.871Z\",\"name\":\"mal_url: http://euromopy.tech/rosemond/backup/dataz/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://euromopy.tech/rosemond/backup/dataz/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:00.871Z\"}", "type": "indicator" 
@@ -29913,11 +29324,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015937069Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:00.907Z\",\"description\":\"TS ID: 55342497300; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--48501c24-3a05-4f0c-88f1-2a50eaa227ea\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:55:00.907Z\",\"name\":\"mal_url: http://febspxi.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:00.907Z\"}", "type": "indicator" @@ -29965,11 +29375,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015940165Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:00.94Z\",\"description\":\"TS ID: 55342497242; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--6cfdb5ac-7f06-48e6-9ba6-67ade05e01d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-23T02:55:00.94Z\",\"name\":\"mal_url: http://ovdoker.myjino.ru/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ovdoker.myjino.ru/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:00.94Z\"}", "type": "indicator" 
@@ -30017,11 +29426,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015943221Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:03.894Z\",\"description\":\"TS ID: 55342497264; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--f48e2a6f-9af6-4b9c-b9a7-e2775d552731\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:55:03.894Z\",\"name\":\"mal_url: http://fvrlink.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:03.894Z\"}", "type": "indicator" @@ -30069,11 +29477,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015948431Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:15.714Z\",\"description\":\"TS ID: 55342497314; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--a3c0fc0a-ae59-495a-a9cc-b2dfe9a494ab\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-23T02:55:15.714Z\",\"name\":\"mal_url: http://epperfums.com/dino/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/dino/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:15.714Z\"}", "type": "indicator" 
@@ -30121,11 +29528,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015951346Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-24T02:54:25.932Z\",\"description\":\"TS ID: 55344292231; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--abe3e442-e923-4ad1-b4cb-3695a954a2a0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-24T02:54:25.932Z\",\"name\":\"mal_url: http://saind.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://saind.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-24T02:54:25.932Z\"}", "type": "indicator" @@ -30172,11 +29578,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015954211Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:18.371Z\",\"description\":\"TS ID: 55347597591; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--c19c0ccc-9df8-4804-83da-1c469d220574\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:52:18.371Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/7/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/7/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:18.371Z\"}", "type": "indicator" 
@@ -30224,11 +29629,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015957177Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:27.703Z\",\"description\":\"TS ID: 55347597548; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--00bee6fc-4a90-4160-8493-8176f8cf73ff\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:52:27.703Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/14/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/14/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:27.703Z\"}", "type": "indicator" @@ -30276,11 +29680,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015960153Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:27.729Z\",\"description\":\"TS ID: 55347597515; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--952cf095-32f4-4b10-8680-499ccd9f784f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-25T02:52:27.729Z\",\"name\":\"mal_url: http://pabloemino.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pabloemino.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:27.729Z\"}", "type": "indicator" 
@@ -30328,11 +29731,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015963028Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:27.765Z\",\"description\":\"TS ID: 55347597501; iType: mal_url; State: active; Org: Swiftway Sp. z o.o.; Source: CyberCrime\",\"id\":\"indicator--7f18dccc-1649-44ea-b9c7-e445487506a2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-43\"],\"modified\":\"2020-02-25T02:52:27.765Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:27.765Z\"}", "type": "indicator" @@ -30379,11 +29781,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015965833Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:27.808Z\",\"description\":\"TS ID: 55347597469; iType: mal_ip; State: active; Org: EuroByte LLC; Source: CyberCrime\",\"id\":\"indicator--4759e40a-5abd-49dc-90fd-2ba8bac1a613\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-25T02:52:27.808Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:27.808Z\"}", "type": "indicator" 
@@ -30424,11 +29825,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015968889Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:37.329Z\",\"description\":\"TS ID: 55347597509; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--ae58138e-b594-4519-adb0-6dbbd8377b75\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-02-25T02:52:37.329Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:37.329Z\"}", "type": "indicator" @@ -30469,11 +29869,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015971824Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:38.025Z\",\"description\":\"TS ID: 55347597663; iType: mal_ip; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--4c51e9ac-be12-496c-a2d0-7e3536243aef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-39\"],\"modified\":\"2020-02-25T02:52:38.025Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:38.025Z\"}", "type": "indicator" 
@@ -30514,11 +29913,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015980651Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:38.053Z\",\"description\":\"TS ID: 55347597470; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--c36b85d9-df19-439b-8605-d7c4b0653977\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:52:38.053Z\",\"name\":\"mal_url: http://ayoobtextlie.com/clap/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:38.053Z\"}", "type": "indicator" @@ -30566,11 +29964,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015983426Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:38.531Z\",\"description\":\"TS ID: 55347597659; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--862bddc3-1b58-45b2-a40d-502d50369e0e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-96\"],\"modified\":\"2020-02-25T02:52:38.531Z\",\"name\":\"mal_url: http://jusqit.com/2/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jusqit.com/2/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:38.531Z\"}", "type": "indicator" 
@@ -30618,11 +30015,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015986191Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:38.564Z\",\"description\":\"TS ID: 55347597488; iType: mal_url; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime\",\"id\":\"indicator--d16f564b-6c1f-4515-97e7-d9a19515dd78\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-25T02:52:38.564Z\",\"name\":\"mal_url: http://webupdateadobe.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://webupdateadobe.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:38.564Z\"}", "type": "indicator" @@ -30669,11 +30065,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015989267Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:40.276Z\",\"description\":\"TS ID: 55347597520; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--2c31e18b-164e-42bc-afd8-04815a33e043\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:52:40.276Z\",\"name\":\"mal_url: http://gsddfsfasa.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gsddfsfasa.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:40.276Z\"}", "type": "indicator" 
@@ -30721,11 +30116,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015992864Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:40.317Z\",\"description\":\"TS ID: 55347597516; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--8b22f126-3c79-4d20-8e8c-96e50c384ddf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-25T02:52:40.317Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:40.317Z\"}", "type": "indicator" @@ -30766,11 +30160,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015995799Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:40.344Z\",\"description\":\"TS ID: 55347597474; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime\",\"id\":\"indicator--387937df-4030-4cfe-91b7-bd9795985adc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:52:40.344Z\",\"name\":\"mal_url: http://atlasdecarqo.com/chief5/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atlasdecarqo.com/chief5/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:40.344Z\"}", "type": "indicator" 
@@ -30818,11 +30211,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.015998715Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:41.781Z\",\"description\":\"TS ID: 55347597465; iType: mal_ip; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--fca5d6b6-f486-4a46-a8a6-a1a6cb078a08\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-25T02:52:41.781Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:41.781Z\"}", "type": "indicator" @@ -30863,11 +30255,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016001610Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:52.59Z\",\"description\":\"TS ID: 55347597566; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--4f92667a-5e1b-4111-88d4-e3e04405e97a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:52:52.59Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/10/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/10/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:52.59Z\"}", "type": "indicator" 
@@ -30915,11 +30306,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016004325Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:52.623Z\",\"description\":\"TS ID: 55347597530; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--04bc5b54-46ae-44d7-96a6-863481383436\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:52:52.623Z\",\"name\":\"mal_url: http://anypontop.com/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://anypontop.com/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:52.623Z\"}", "type": "indicator" @@ -30967,11 +30357,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016007842Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:52.674Z\",\"description\":\"TS ID: 55347597522; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--65a5607b-388a-4789-98d0-84d77ee94047\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-25T02:52:52.674Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:52.674Z\"}", "type": "indicator" 
@@ -31012,11 +30401,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016010527Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:52.712Z\",\"description\":\"TS ID: 55347597467; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--b70344da-8137-4550-b569-97f0e3020ab1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-25T02:52:52.712Z\",\"name\":\"mal_url: http://epperfums.com/deal/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/deal/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:52.712Z\"}", "type": "indicator" @@ -31064,11 +30452,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016013302Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:55.912Z\",\"description\":\"TS ID: 55347597506; iType: mal_ip; State: active; Org: Leaseweb Deutschland GmbH; Source: CyberCrime\",\"id\":\"indicator--3ff92876-fac4-49a6-ae80-d123206dc224\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-25T02:52:55.912Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:55.912Z\"}", "type": "indicator" 
@@ -31109,11 +30496,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016016498Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:04.191Z\",\"description\":\"TS ID: 55347597485; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--cb9b2721-6623-44c2-b1e5-143f2291738b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-63\"],\"modified\":\"2020-02-25T02:53:04.191Z\",\"name\":\"mal_url: http://belt-yard-74.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://belt-yard-74.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:04.191Z\"}", "type": "indicator" @@ -31160,11 +30546,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016019243Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:12.657Z\",\"description\":\"TS ID: 55347597478; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime\",\"id\":\"indicator--04c56a59-3a16-4284-9edc-5445bb539ce5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:53:12.657Z\",\"name\":\"mal_url: http://atlasdecarqo.com/chief1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atlasdecarqo.com/chief1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:12.657Z\"}", "type": "indicator" 
@@ -31212,11 +30597,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016022099Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:15.804Z\",\"description\":\"TS ID: 55347597559; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--1989ffaf-19a7-4850-b142-d31758a3751f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:53:15.804Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/11/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/11/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:15.804Z\"}", "type": "indicator" @@ -31264,11 +30648,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016024884Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:15.88Z\",\"description\":\"TS ID: 55347597483; iType: mal_ip; State: active; Org: Datalot; Source: CyberCrime\",\"id\":\"indicator--66939f56-1a6f-43d1-b7a4-277e3ac55584\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-02-25T02:53:15.88Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:15.88Z\"}", "type": "indicator" 
@@ -31309,11 +30692,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016027609Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.191Z\",\"description\":\"TS ID: 55347597555; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--fe0a731e-e2ff-49ac-a597-150ce46a31fc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:53:17.191Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/12/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/12/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.191Z\"}", "type": "indicator" @@ -31361,11 +30743,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016030304Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.224Z\",\"description\":\"TS ID: 55347597468; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--53d00201-4c9a-4275-9091-4cf08fda4676\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:53:17.224Z\",\"name\":\"mal_url: http://ayoobtextlie.com/clean/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/clean/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.224Z\"}", "type": "indicator" 
@@ -31413,11 +30794,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016033059Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.256Z\",\"description\":\"TS ID: 55347597466; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--4e154929-35ec-4f71-8793-6b861a9a98f1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-25T02:53:17.256Z\",\"name\":\"mal_url: http://epperfums.com/divide/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/divide/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.256Z\"}", "type": "indicator" @@ -31465,11 +30845,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016035794Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.916Z\",\"description\":\"TS ID: 55347597583; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--4ce097b7-254b-41cf-8c7d-934524548fd6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:53:17.916Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/8/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/8/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.916Z\"}", "type": "indicator" 
@@ -31517,11 +30896,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016038610Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.952Z\",\"description\":\"TS ID: 55347597508; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--51f063d7-600f-43c3-9f88-92e4b3b603da\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:53:17.952Z\",\"name\":\"mal_url: http://petrouretro.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://petrouretro.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.952Z\"}", "type": "indicator" @@ -31569,11 +30947,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016041445Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.983Z\",\"description\":\"TS ID: 55347597481; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--5c9b2227-96df-4cc8-ba6b-c23f4da9667a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-25T02:53:17.983Z\",\"name\":\"mal_url: http://imperiaskygarden.net/.choo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://imperiaskygarden.net/.choo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.983Z\"}", "type": "indicator" 
@@ -31621,11 +30998,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016044230Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:36.323Z\",\"description\":\"TS ID: 55347597534; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--751b74f4-ded7-426d-b425-cb9c2b3113a8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:53:36.323Z\",\"name\":\"mal_url: http://agmardorecha.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://agmardorecha.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:36.323Z\"}", "type": "indicator" @@ -31673,11 +31049,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016047456Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:36.382Z\",\"description\":\"TS ID: 55347597492; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--4fcbf6f5-5acc-42da-acb0-497583b3388d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-02-25T02:53:36.382Z\",\"name\":\"mal_url: http://149.28.186.68/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://149.28.186.68/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:36.382Z\"}", "type": "indicator" 
@@ -31724,11 +31099,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016050312Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:36.421Z\",\"description\":\"TS ID: 55347597464; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--713e0d5f-3842-410f-98d8-25fe0f5b15db\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-25T02:53:36.421Z\",\"name\":\"mal_url: http://epperfums.com/dope/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/dope/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:36.421Z\"}", "type": "indicator" @@ -31776,11 +31150,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016053187Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:42.111Z\",\"description\":\"TS ID: 55347597500; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--895a994a-7833-47fe-a832-fc3ce5f070a5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-25T02:53:42.111Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:42.111Z\"}", "type": "indicator" 
@@ -31827,11 +31200,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016055932Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:16.295Z\",\"description\":\"TS ID: 55347597622; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--86fd616d-f6a3-45ff-a3a8-db1aa59defd9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:54:16.295Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/4/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/4/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:16.295Z\"}", "type": "indicator" @@ -31879,11 +31251,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016058637Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:21.544Z\",\"description\":\"TS ID: 55347597482; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--57fb3a6f-09ca-44a2-b309-724b570e1fd9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-02-25T02:54:21.544Z\",\"name\":\"mal_url: http://klickus.com/bin/cgi/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://klickus.com/bin/cgi/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:21.544Z\"}", "type": "indicator" 
@@ -31931,11 +31302,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016061362Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:32.178Z\",\"description\":\"TS ID: 55347597608; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--1b2dfaef-5caa-4114-9634-cf2f9959dbfb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:54:32.178Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/5/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/5/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:32.178Z\"}", "type": "indicator" @@ -31983,11 +31353,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016064027Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:37.327Z\",\"description\":\"TS ID: 55347597484; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--44544bfd-7131-4530-a9de-96c1840101c1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:54:37.327Z\",\"name\":\"mal_url: http://ayoobtextlie.com/copy/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/copy/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:37.327Z\"}", "type": "indicator" 
@@ -32035,11 +31404,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016066652Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:37.383Z\",\"description\":\"TS ID: 55347597463; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--51779de2-0d07-4d60-abf6-afdc0dfc7637\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-25T02:54:37.383Z\",\"name\":\"mal_url: http://0ooo.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://0ooo.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:37.383Z\"}", "type": "indicator" @@ -32086,11 +31454,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016069397Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:48.929Z\",\"description\":\"TS ID: 55347597475; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime\",\"id\":\"indicator--b7d14453-ad19-4246-961a-72f0e5136874\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:54:48.929Z\",\"name\":\"mal_url: http://atlasdecarqo.com/chief4/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atlasdecarqo.com/chief4/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:48.929Z\"}", "type": "indicator" 
@@ -32138,11 +31505,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016072153Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:54.632Z\",\"description\":\"TS ID: 55347597487; iType: mal_ip; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime\",\"id\":\"indicator--064f2766-97b6-481d-a273-f80a97524be8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-02-25T02:54:54.632Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:54.632Z\"}", "type": "indicator" @@ -32183,11 +31549,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016074968Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:06.15Z\",\"description\":\"TS ID: 55347597650; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--3f3bca20-c218-431d-8250-0f600b011971\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:55:06.15Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/1/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/1/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:06.15Z\"}", "type": "indicator" 
@@ -32235,11 +31600,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016077673Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:06.186Z\",\"description\":\"TS ID: 55347597472; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--6b3d6689-75e8-4f50-a1c0-f1a1e6158493\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:55:06.186Z\",\"name\":\"mal_url: http://ayoobtextlie.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:06.186Z\"}", "type": "indicator" @@ -32287,11 +31651,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016080458Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:06.314Z\",\"description\":\"TS ID: 55347597495; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--1306883c-b911-4116-9121-492450e4bb07\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-56\"],\"modified\":\"2020-02-25T02:55:06.314Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:06.314Z\"}", "type": "indicator" 
@@ -32338,11 +31701,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016084125Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:27.523Z\",\"description\":\"TS ID: 55347597627; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--d4a02ea1-435f-472e-8013-07e4e24f5a2e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:55:27.523Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/3/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/3/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:27.523Z\"}", "type": "indicator" @@ -32390,11 +31752,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016087030Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:35.424Z\",\"description\":\"TS ID: 55347597528; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--1e8d894d-1e8b-4ba9-ae25-1e3e00c055ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-25T02:55:35.424Z\",\"name\":\"mal_url: http://atomicwallet.email/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atomicwallet.email/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:35.424Z\"}", "type": "indicator" 
@@ -32442,11 +31803,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016090567Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:35.462Z\",\"description\":\"TS ID: 55347597489; iType: mal_url; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime\",\"id\":\"indicator--cb377636-13ce-421e-926f-e33e2b954263\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-02-25T02:55:35.462Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:35.462Z\"}", "type": "indicator" @@ -32493,11 +31853,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:47:51.016093723Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:35.496Z\",\"description\":\"TS ID: 55347597477; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime\",\"id\":\"indicator--1163cdee-566a-404a-b66e-657857eb4af3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:55:35.496Z\",\"name\":\"mal_url: http://atlasdecarqo.com/chief2/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atlasdecarqo.com/chief2/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:35.496Z\"}", "type": "indicator" 
@@ -32545,11 +31904,10 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:47:51.016096548Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-25T02:55:39.691Z\",\"description\":\"TS ID: 55347597536; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--3190b47c-44f4-4e7e-8bd5-7b16a62fd3e9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:55:39.691Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:39.691Z\"}",
 "type": "indicator"
diff --git a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml
index 2e03b4daa00..fb63658f31a 100644
--- a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml
@@ -4,12 +4,9 @@ processors:
 ####################
 # Event ECS fields #
 ####################
- - set:
- field: event.ingested
- value: "{{_ingest.timestamp}}"
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_anomali/data_stream/limo/sample_event.json b/packages/ti_anomali/data_stream/limo/sample_event.json
index 5a4d3e22730..2043f8e5c83 100644
--- a/packages/ti_anomali/data_stream/limo/sample_event.json
+++ b/packages/ti_anomali/data_stream/limo/sample_event.json
@@ -23,7 +23,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "6b916c32-9ec1-4b93-a910-81540b3df79b",
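Review bot: The limo ingest pipeline hunk removes the `set` processor that populated `event.ingested` from `{{_ingest.timestamp}}`, which is a behavior change beyond the ECS 8.2 bump and is not explained anywhere in the hunk. If the field is now expected to be written by a later pipeline stage (the surrounding diff suggests this is deliberate, since the regenerated expected fixtures in the preceding hunks also drop it), record that intent in the "Event ECS fields" header block, e.g. `# event.ingested is intentionally not set here; it is expected to be populated downstream of this pipeline`. `event.ingested` is commonly used by detection rules as a timestamp override for lookback, so anyone running this pipeline standalone (simulate, pipeline tests) will lose the field and should know why. The ti_anomali changelog is not in view, so I cannot confirm the removal is recorded as a change there.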
diff --git a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json index 28e34f93640..e611706406c 100644 --- a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json +++ b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json @@ -21,11 +21,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128411250Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -86,11 +85,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128419526Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -149,11 +147,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128421880Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -212,11 +209,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128423754Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -267,11 +263,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128425447Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -331,11 +326,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128427130Z", "kind": "enrichment", "severity": 9, "type": "indicator" 
@@ -395,11 +389,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128429054Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -455,11 +448,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128430787Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -509,11 +501,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128432460Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -572,11 +563,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128434263Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -634,11 +624,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128436828Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -690,11 +679,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128438652Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -746,11 +734,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128440415Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -807,11 +794,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128442048Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -864,11 +850,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128443591Z", "kind": "enrichment", "severity": 9, "type": "indicator" 
@@ -918,11 +903,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128445244Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -974,11 +958,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128447178Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1031,11 +1014,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128449712Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1087,11 +1069,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128451396Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -1143,11 +1124,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128453169Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1198,11 +1178,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128454992Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1253,11 +1232,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128456635Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -1311,11 +1289,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128458128Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1366,11 +1343,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128459821Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -1428,11 +1404,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128461364Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1485,11 +1460,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128462937Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1541,11 +1515,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128464430Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1596,11 +1569,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128466043Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1649,11 +1621,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128467916Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1711,11 +1682,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128469770Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1774,11 +1744,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128471413Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -1830,11 +1799,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128472966Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1887,11 +1855,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128474449Z", "kind": "enrichment", "severity": 9, "type": "indicator" 
@@ -1943,11 +1910,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128476022Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -1997,11 +1963,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128477605Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2053,11 +2018,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128479178Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -2109,11 +2073,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128480891Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -2163,11 +2126,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128482484Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2218,11 +2180,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128484027Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -2279,11 +2240,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128485560Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2333,11 +2293,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128486992Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2389,11 +2348,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128488685Z", "kind": "enrichment", "severity": 9, "type": "indicator" 
@@ -2445,11 +2403,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128490238Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -2508,11 +2465,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128491851Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2564,11 +2520,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128493394Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -2625,11 +2580,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128495198Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2687,11 +2641,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128496771Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -2742,11 +2695,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128498334Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2797,11 +2749,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128499716Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -2853,11 +2804,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128501389Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2909,11 +2859,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128503203Z", "kind": "enrichment", "severity": 9, "type": "indicator" 
@@ -2970,11 +2919,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128504685Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -3025,11 +2973,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128506439Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -3079,11 +3026,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128507901Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3132,11 +3078,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128509334Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -3194,11 +3139,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128510867Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3248,11 +3192,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128512400Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -3303,11 +3246,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128514093Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -3359,11 +3301,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128515666Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3414,11 +3355,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128517239Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -3470,11 +3410,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128518962Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -3531,11 +3470,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128520385Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -3587,11 +3525,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128521998Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -3642,11 +3579,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128523541Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -3698,11 +3634,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128525354Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3754,11 +3689,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128526797Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3810,11 +3744,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128528470Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -3865,11 +3798,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128529923Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3919,11 +3851,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128532157Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -3981,11 +3912,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128533840Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4035,11 +3965,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128535343Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4089,11 +4018,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128537016Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4144,11 +4072,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128538870Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -4205,11 +4132,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128540583Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -4260,11 +4186,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128542436Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4314,11 +4239,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128544109Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4370,11 +4294,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128545602Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4431,11 +4354,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128547195Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -4488,11 +4410,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128548978Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4543,11 +4464,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128551072Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4611,11 +4531,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128552565Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4673,11 +4592,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128554138Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4726,11 +4644,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128555651Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4785,11 +4702,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128557244Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4847,11 +4763,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128559208Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4910,11 +4825,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128560660Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4978,11 +4892,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128562424Z", "kind": "enrichment", "severity": 3, "type": "indicator" 
@@ -5040,11 +4953,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128564187Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -5098,11 +5010,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128565840Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -5158,11 +5069,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128567353Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -5220,11 +5130,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128568936Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -5281,11 +5190,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128570519Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -5342,11 +5250,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128572002Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -5402,11 +5309,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128573545Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -5463,11 +5369,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128575178Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -5513,11 +5418,10 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:48:35.128576751Z", "kind": "enrichment", "severity": 9, "type": "indicator" 
@@ -5561,11 +5465,10 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
- "ingested": "2022-04-11T08:48:35.128578344Z",
"kind": "enrichment",
"severity": 3,
"type": "indicator"
@@ -5611,11 +5514,10 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
- "ingested": "2022-04-11T08:48:35.128579967Z",
"kind": "enrichment",
"severity": 7,
"type": "indicator"
@@ -5660,11 +5562,10 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
- "ingested": "2022-04-11T08:48:35.128582401Z",
"kind": "enrichment",
"severity": 3,
"type": "indicator"
@@ -5710,11 +5611,10 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
- "ingested": "2022-04-11T08:48:35.128584004Z",
"kind": "enrichment",
"severity": 3,
"type": "indicator"
diff --git a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
index 9d7e1297cbe..3a656473320 100644
--- a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
@@ -4,12 +4,9 @@ processors:
#
# Set basic ECS fields.
#
- - set:
- field: event.ingested
- value: "{{{ _ingest.timestamp }}}"
- set:
field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
- fingerprint:
fields:
- event.dataset
diff --git a/packages/ti_anomali/data_stream/threatstream/sample_event.json b/packages/ti_anomali/data_stream/threatstream/sample_event.json
index 3dd5e6c5803..98ed754e7f1 100644
--- a/packages/ti_anomali/data_stream/threatstream/sample_event.json
+++ b/packages/ti_anomali/data_stream/threatstream/sample_event.json
@@ -35,7 +35,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "6b916c32-9ec1-4b93-a910-81540b3df79b",
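Review bot: Dropping the `set` processor for `event.ingested` in the `@@ -4,12 +4,9 @@` hunk leaves this pipeline with nothing that populates the field, so it will only appear on indexed documents if something downstream stamps it — presumably the Fleet final pipeline, which this diff does not show. Anyone who exercises this pipeline outside Fleet (a `_simulate` call, a manually installed pipeline, or a non-Fleet ingest path) silently loses `event.ingested`, and if their detection rules use it as the timestamp override those rules will miss documents without any error. A one-line comment where the processor used to be would make the dependency explicit for the next maintainer: `# event.ingested is stamped by the Fleet final pipeline; do not set it here.` The `fingerprint` processor's field list continues past the end of the hunk.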
diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md
index 1ecaf4bb7d7..d828e74b6f9 100644
--- a/packages/ti_anomali/docs/README.md
+++ b/packages/ti_anomali/docs/README.md
@@ -44,7 +44,7 @@ An example event for `limo` looks as following:
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "6b916c32-9ec1-4b93-a910-81540b3df79b",
@@ -223,7 +223,7 @@ An example event for `threatstream` looks as following:
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "6b916c32-9ec1-4b93-a910-81540b3df79b",
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 8c637677b84..a1232ff9fec 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
name: ti_anomali
title: Anomali
-version: 1.2.3
+version: 1.3.0
release: ga
description: Collect threat intelligence from Anomali APIs with Elastic Agent.
type: integration
diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml
index 29eda752ee5..60453578ef5 100644
--- a/packages/ti_cybersixgill/changelog.yml
+++ b/packages/ti_cybersixgill/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
- version: "1.3.2"
changes:
- description: Adding field mapping for event.created
diff --git a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
index b1ea36ed62b..d51c37577cc 100644
--- a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
+++ b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json
@@ -15,7 +15,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -63,7 +63,7 @@
"virustotal": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -111,7 +111,7 @@
"virustotal": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
@@ -157,7 +157,7 @@
"virustotal": {}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "threat",
diff --git a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 835ddd259bf..1c7bf729b48 100644
--- a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Initial pipeline for parsing Cybersixgill webhooks
processors:
- set:
field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
- set:
field: event.kind
value: enrichment
diff --git a/packages/ti_cybersixgill/data_stream/threat/sample_event.json b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
index 715b56c23f5..d20d8876f38 100644
--- a/packages/ti_cybersixgill/data_stream/threat/sample_event.json
+++ b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
@@ -25,7 +25,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "3f82d126-26ae-4993-a89b-63c5413149e0",
diff --git a/packages/ti_cybersixgill/docs/README.md b/packages/ti_cybersixgill/docs/README.md
index 1d005cf5b2c..3894f0b48ab 100644
--- a/packages/ti_cybersixgill/docs/README.md
+++ b/packages/ti_cybersixgill/docs/README.md
@@ -126,7 +126,7 @@ An example event for `threat` looks as following:
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "3f82d126-26ae-4993-a89b-63c5413149e0",
diff --git a/packages/ti_cybersixgill/manifest.yml b/packages/ti_cybersixgill/manifest.yml
index 008c8027bce..62b83465493 100644
--- a/packages/ti_cybersixgill/manifest.yml
+++ b/packages/ti_cybersixgill/manifest.yml
@@ -1,6 +1,6 @@
name: ti_cybersixgill
title: Cybersixgill
-version: 1.3.2
+version: 1.4.0
release: ga
description: This Elastic integration collects threat intelligence from Cybersixgill
type: integration
diff --git a/packages/ti_misp/_dev/build/build.yml b/packages/ti_misp/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/ti_misp/_dev/build/build.yml
+++ b/packages/ti_misp/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml
index 97b1603c319..f970367d9b1 100644
--- a/packages/ti_misp/changelog.yml
+++ b/packages/ti_misp/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
- version: "1.2.2"
changes:
- description: Add mapping for event.created
diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
index baf0109ef6f..c488b957732 100644
--- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
+++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
@@ -3,11 +3,10 @@ { "@timestamp": "2021-05-21T09:09:22.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051450584Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload installation\",\"comment\":\"Contextual comment for the file md5 attribute\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3631\",\"first_seen\":null,\"id\":\"266258\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588162\",\"to_ids\":false,\"type\":\"md5\",\"uuid\":\"34c59b06-d35d-4808-919c-4b452f185c52\",\"value\":\"70461da8b94c6ca5d2fda3260c5a8c3b\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"1\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3631\",\"info\":\"Test event 1 just 
atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}", "type": "indicator" 
@@ -79,11 +78,10 @@ { "@timestamp": "2021-05-21T09:20:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051484497Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"Artefact dropped for test 2\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3632\",\"first_seen\":null,\"id\":\"266259\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588675\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"73102a1c-7432-47b7-9644-6f9d46b6887c\",\"value\":\"60461da8b94c6ca5d2fda3260c5a8c3b\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"2\",\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"analysis\":\"2\",\"date\":\"2018-03-26\",\"distribution\":\"3\",\"id\":\"684\",\"info\":\"OSINT - Forgot About Default Accounts? 
No Worries, GoScanSSH Didn’t\",\"org_id\":\"1\",\"orgc_id\":\"2\",\"published\":true,\"threat_level_id\":\"3\",\"timestamp\":\"1523865236\",\"uuid\":\"5acdb4d0-b534-4713-9612-4a1d950d210f\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"4\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3632\",\"info\":\"Test event 2 just more atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1621588836\",\"uuid\":\"efbca287-edb5-4ad7-b8e4-fe9da514a763\"}}", "type": "indicator" 
@@ -155,11 +153,10 @@ { "@timestamp": "2021-05-21T09:20:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051494596Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Network activity\",\"comment\":\"Conext for domain type attribute event 2\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3632\",\"first_seen\":null,\"id\":\"266260\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588744\",\"to_ids\":true,\"type\":\"domain\",\"uuid\":\"a52a1b47-a580-4f33-96ba-939cf9146c9b\",\"value\":\"baddom.madeup.local\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"2\",\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"analysis\":\"2\",\"date\":\"2018-03-26\",\"distribution\":\"3\",\"id\":\"684\",\"info\":\"OSINT - Forgot About Default Accounts? 
No Worries, GoScanSSH Didn’t\",\"org_id\":\"1\",\"orgc_id\":\"2\",\"published\":true,\"threat_level_id\":\"3\",\"timestamp\":\"1523865236\",\"uuid\":\"5acdb4d0-b534-4713-9612-4a1d950d210f\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"4\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3632\",\"info\":\"Test event 2 just more atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1621588836\",\"uuid\":\"efbca287-edb5-4ad7-b8e4-fe9da514a763\"}}", "type": "indicator" 
@@ -229,11 +226,10 @@ { "@timestamp": "2021-05-21T09:20:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051501670Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Network activity\",\"comment\":\"Ip-src attribute context for event2\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3632\",\"first_seen\":null,\"id\":\"266261\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588800\",\"to_ids\":false,\"type\":\"ip-src\",\"uuid\":\"3dbf224b-7c84-4c4b-9f95-80f28954bd10\",\"value\":\"10.0.0.1\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"2\",\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"analysis\":\"2\",\"date\":\"2018-03-26\",\"distribution\":\"3\",\"id\":\"684\",\"info\":\"OSINT - Forgot About Default Accounts? 
No Worries, GoScanSSH Didn’t\",\"org_id\":\"1\",\"orgc_id\":\"2\",\"published\":true,\"threat_level_id\":\"3\",\"timestamp\":\"1523865236\",\"uuid\":\"5acdb4d0-b534-4713-9612-4a1d950d210f\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"4\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3632\",\"info\":\"Test event 2 just more atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1621588836\",\"uuid\":\"efbca287-edb5-4ad7-b8e4-fe9da514a763\"}}", "type": "indicator" 
@@ -301,11 +297,10 @@ { "@timestamp": "2021-05-21T09:20:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051508112Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Network activity\",\"comment\":\"ip-dst context for event id 2\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3632\",\"first_seen\":null,\"id\":\"266262\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588836\",\"to_ids\":true,\"type\":\"ip-dst\",\"uuid\":\"db4bfd36-7374-4f8c-9031-60e56d4bba30\",\"value\":\"192.168.1.50\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"2\",\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"analysis\":\"2\",\"date\":\"2018-03-26\",\"distribution\":\"3\",\"id\":\"684\",\"info\":\"OSINT - Forgot About Default Accounts? 
No Worries, GoScanSSH Didn’t\",\"org_id\":\"1\",\"orgc_id\":\"2\",\"published\":true,\"threat_level_id\":\"3\",\"timestamp\":\"1523865236\",\"uuid\":\"5acdb4d0-b534-4713-9612-4a1d950d210f\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"4\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3632\",\"info\":\"Test event 2 just more atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1621588836\",\"uuid\":\"efbca287-edb5-4ad7-b8e4-fe9da514a763\"}}", "type": "indicator" 
@@ -373,11 +368,10 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051513842Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266267\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"fullpath\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"ff97cc32-815e-4fc9-9d4b-cab9822027a6\",\"value\":\"\\\\the\\\\fullpath\\\\to the file\\\\filenameofobject.txt\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}", "type": "indicator" 
@@ -464,11 +458,10 @@ { "@timestamp": "2021-05-21T10:22:12.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051519774Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266268\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"size-in-bytes\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":false,\"type\":\"size-in-bytes\",\"uuid\":\"e378b4d9-43e1-4c64-bd4e-70fce2b4e581\",\"value\":\"505050\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}", "type": "indicator" 
@@ -555,11 +548,10 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051525524Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266264\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"md5\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"787b3822-0bec-4278-b34a-5d649e7bce05\",\"value\":\"70461da8b94c6ca5d2fda3260c5a8c3b\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}",
 "type": "indicator"
@@ -650,11 +642,10 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051531435Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266265\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"sha256\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":true,\"type\":\"sha256\",\"uuid\":\"657c5f2b-9d68-4ff7-a9ad-ab9e6a6c953e\",\"value\":\"f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}",
 "type": "indicator"
@@ -745,11 +736,10 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051537236Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266266\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"filename\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":true,\"type\":\"filename\",\"uuid\":\"6648d129-9200-431b-9b41-263a84f7c9d2\",\"value\":\"filenameofobject.txt\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}",
 "type": "indicator"
@@ -838,11 +828,10 @@
 {
 "@timestamp": "2021-05-21T10:09:30.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051569517Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"266269\",\"last_seen\":null,\"object_id\":\"18208\",\"object_relation\":\"text\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621591770\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"25d2f181-26ae-4d6f-b4fd-85b9d1f82e67\",\"value\":\"Free text in the file object\"},\"ObjectReference\":[],\"comment\":\"File object for test event 4 \",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"18208\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621591770\",\"uuid\":\"190c762c-a389-4ecc-8f6e-68f92d42adef\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"3\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3634\",\"info\":\"Test event 4 with object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1621591770\",\"uuid\":\"d98a8418-9f90-4b50-a623-6921ca5b356d\"}}",
 "type": "indicator"
@@ -911,11 +900,10 @@
 {
 "@timestamp": "2021-05-21T10:09:30.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051580658Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"266270\",\"last_seen\":null,\"object_id\":\"18208\",\"object_relation\":\"sha256\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621591770\",\"to_ids\":true,\"type\":\"sha256\",\"uuid\":\"4e579782-346b-44b3-b72c-1cae8d87cb25\",\"value\":\"567caa7653723f8818ec9eb6f2e27f6d9d8c0aca0c96fc457659340e7bbdc666\"},\"ObjectReference\":[],\"comment\":\"File object for test event 4 \",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"18208\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621591770\",\"uuid\":\"190c762c-a389-4ecc-8f6e-68f92d42adef\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"3\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3634\",\"info\":\"Test event 4 with object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1621591770\",\"uuid\":\"d98a8418-9f90-4b50-a623-6921ca5b356d\"}}",
 "type": "indicator"
@@ -988,11 +976,10 @@
 {
 "@timestamp": "2021-05-21T10:09:30.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051589404Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"266271\",\"last_seen\":null,\"object_id\":\"18208\",\"object_relation\":\"filename\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621591770\",\"to_ids\":true,\"type\":\"filename\",\"uuid\":\"a40343b5-a480-4288-9b0c-7ae074a77140\",\"value\":\"filenameinmispobject.txt\"},\"ObjectReference\":[],\"comment\":\"File object for test event 4 \",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"18208\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621591770\",\"uuid\":\"190c762c-a389-4ecc-8f6e-68f92d42adef\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"3\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3634\",\"info\":\"Test event 4 with object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1621591770\",\"uuid\":\"d98a8418-9f90-4b50-a623-6921ca5b356d\"}}",
 "type": "indicator"
@@ -1063,11 +1050,10 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051597279Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266272\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"text\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"188a6a15-5704-4e4f-acba-22c55ab08fe8\",\"value\":\"Object 5 free text attribute in object\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}",
 "type": "indicator"
@@ -1136,11 +1122,10 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051604773Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266275\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"entropy\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":false,\"type\":\"float\",\"uuid\":\"2400b103-4a33-4f92-ac04-a558b6c6e252\",\"value\":\"0.53535445\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}",
 "type": "indicator"
@@ -1209,11 +1194,10 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051611315Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266276\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"size-in-bytes\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":false,\"type\":\"size-in-bytes\",\"uuid\":\"e5ea3ec0-cdf4-4d3e-bd66-a7bf384fd3d7\",\"value\":\"55555\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}",
 "type": "indicator"
@@ -1282,11 +1266,10 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051642203Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266273\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"sha256\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":true,\"type\":\"sha256\",\"uuid\":\"803f10bd-9087-4169-8699-277579a92693\",\"value\":\"567caa7653723f8818ec9eb6f2e27f6d9d8c0aca0c96fc457659340e7bbdc665\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}",
 "type": "indicator"
@@ -1359,11 +1342,10 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051651551Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266274\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"filename\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":true,\"type\":\"filename\",\"uuid\":\"e5c7a9f0-c0e1-4024-9ab8-de8a1b403e4f\",\"value\":\"object5.txt\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}",
 "type": "indicator"
@@ -1434,11 +1416,10 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051658414Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266278\",\"last_seen\":null,\"object_id\":\"18210\",\"object_relation\":\"text\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200348\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"955e34a5-a630-42c9-868d-6e3dcb575987\",\"value\":\"Excutable create bad pipe\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18210\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1622200348\",\"uuid\":\"afe43d99-d8b6-47fa-8e7b-3d3ece2f8366\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}",
 "type": "indicator"
@@ -1525,11 +1506,10 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T08:56:22.051664535Z",
 "kind": "enrichment",
 "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266281\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"size-in-bytes\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":false,\"type\":\"size-in-bytes\",\"uuid\":\"2fa7721b-ad73-4914-b082-8d44233ced98\",\"value\":\"3892\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}",
 "type": "indicator"
@@ -1616,11 +1596,10 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051670977Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266283\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"name\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"d35c1ff8-a69c-482b-8fb0-1182988d9468\",\"value\":\".data\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1707,11 +1686,10 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051677139Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266284\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"text\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"dc11971a-a676-4676-b24c-a45a8791e0b0\",\"value\":\"Extracted zip archive data\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1798,11 +1776,10 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051683310Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266285\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"entropy\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":false,\"type\":\"float\",\"uuid\":\"a85c0cbb-25a8-4bc9-b146-3cba1020e5bb\",\"value\":\"7.93280431051\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1889,11 +1866,10 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051689943Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266279\",\"last_seen\":null,\"object_id\":\"18210\",\"object_relation\":\"md5\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200348\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"1c97c043-5de2-41a1-b591-3237174cd290\",\"value\":\"7392463caf95534d56460bc9f360adc1\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18210\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1622200348\",\"uuid\":\"afe43d99-d8b6-47fa-8e7b-3d3ece2f8366\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1984,11 +1960,10 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051696495Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266282\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"md5\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"f3b8696e-5390-4383-ace2-6e06bfae497d\",\"value\":\"7295463caf95534d56460bc9f360adc1\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -2079,11 +2054,10 @@ { "@timestamp": "2021-05-28T11:19:41.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:22.051702065Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266280\",\"last_seen\":null,\"object_id\":\"18210\",\"object_relation\":\"filename\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200348\",\"to_ids\":true,\"type\":\"filename\",\"uuid\":\"2dfcb937-e6af-4b5d-ad50-f8eb975990f3\",\"value\":\"badmojopipe.exe\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18210\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1622200348\",\"uuid\":\"afe43d99-d8b6-47fa-8e7b-3d3ece2f8366\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json index 2adb32caccc..34b6b4f9039 100644 --- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json +++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json 
@@ -3,11 +3,10 @@ { "@timestamp": "2017-08-28T14:24:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370808941Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"- Xchecked via VT: a683494fc0d017fd3b4638f8b84caaaac145cc28bc211bd7361723368b4bb21e\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"5\",\"first_seen\":null,\"id\":\"351\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1503930272\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"59a427a0-f6f8-4178-9e7d-dfd702de0b81\",\"value\":\"f2679bdabe46e10edc6352fff3c829bc\"},\"EventReport\":[],\"Galaxy\":[{\"GalaxyCluster\":[{\"authors\":[\"https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml\",\"http://pastebin.com/raw/GHgpWjar\",\"MISP Project\"],\"collection_uuid\":\"10cf658b-5d32-4c4b-bb32-61760a640372\",\"description\":\"It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS \\\\u003e Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com. 
CrySiS variant\",\"galaxy_id\":\"43\",\"id\":\"6619\",\"local\":false,\"meta\":{\"date\":[\"November 2016\"],\"encryption\":[\"AES + RSA-512\"],\"extensions\":[\".dharma\",\".wallet\",\".zzzzz\",\".cmb\",\".id-BCBEF350.[paymentbtc@firemail.cc].cmb\",\".bip\",\".id-BCBEF350.[Beamsell@qq.com].bip\",\".boost\",\".[Darknes@420blaze.it].waifu\",\".brrr\",\".adobe\",\".tron\",\".AUDIT\",\".cccmn\",\".fire\",\".myjob\",\".[cyberwars@qq.com].war\",\".risk\",\".RISK\",\".bkpx\",\".[newsantaclaus@aol.com].santa\"],\"payment-method\":[\"Bitcoin - Email\"],\"ransomnotes\":[\"all your data has been locked us\\\\nYou want to return?\\\\nwrite email paymentbtc@firemail.cc\",\"All your files have been encrypted!\\\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paymentbtc@firemail.cc\\\\nWrite this ID in the title of your message ACBFF130\\\\nIn case of no answer in 24 hours write us to theese e-mails:paymentbtc@firemail.cc\\\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\\\\nFree decryption as guarantee\\\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\\\\nHow to obtain Bitcoins\\\\nThe easiest way to buy bitcoins is LocalBitcoins site. 
You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\\\\nhttps://localbitcoins.com/buy_bitcoins\\\\nAlso you can find other places to buy Bitcoins and beginners guide here:\\\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/\\\\nAttention!\\\\nDo not rename encrypted files.\\\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.\",\"All your files have been encrypted!\\\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Beamsell@qq.com\\\\nWrite this ID in the title of your message BCBEF350\\\\nIn case of no answer in 24 hours write us to theese e-mails:Beamsell@qq.com\\\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. \\\\nFree decryption as guarantee\\\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) \\\\nHow to obtain Bitcoins\\\\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. \\\\nhttps://localbitcoins.com/buy_bitcoins \\\\nAlso you can find other places to buy Bitcoins and beginners guide here: \\\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/ \\\\nAttention!\\\\nDo not rename encrypted files. 
\\\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.\",\"all your data has been locked us\\\\nYou want to return?\\\\nwrite email Beamsell@qq.com\"],\"ransomnotes-filenames\":[\"README.txt\",\"README.jpg\",\"Info.hta\",\"FILES ENCRYPTED.txt\",\"INFO.hta\"],\"ransomnotes-refs\":[\"https://www.bleepstatic.com/images/news/ransomware/d/dharma/cmb/hta-ransom-note.jpg\",\"https://pbs.twimg.com/media/Dmof_FiXsAAAvTN.jpg\",\"https://pbs.twimg.com/media/Dmof_FyXsAEJmgQ.jpg\",\"https://pbs.twimg.com/media/DrWqLWzXgAc4SlG.jpg\",\"https://pbs.twimg.com/media/DuEBIMBW0AANnGW.jpg\"],\"refs\":[\"https://id-ransomware.blogspot.co.il/2016/11/dharma-ransomware.html\",\"https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/\",\"https://www.bleepingcomputer.com/news/security/new-cmb-dharma-ransomware-variant-released/\",\"https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/\",\"https://twitter.com/demonslay335/status/1049313390097813504\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/\",\"https://twitter.com/JakubKroustek/status/1038680437508501504\",\"https://twitter.com/demonslay335/status/1059521042383814657\",\"https://twitter.com/demonslay335/status/1059940414147489792\",\"https://twitter.com/JakubKroustek/status/1060825783197933568\",\"https://twitter.com/JakubKroustek/status/1064061275863425025\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/\",\"https://www.youtube.com/watch?v=qjoYtwLx2TI\",\"https://twitter.com/GrujaRS/status/1072139616910757888\
"]},\"source\":\"Various\",\"tag_id\":\"23\",\"tag_name\":\"misp-galaxy:ransomware=\\\"Dharma Ransomware\\\"\",\"type\":\"ransomware\",\"uuid\":\"2b365b2c-4a9a-4b66-804d-3b2d2814fe7b\",\"value\":\"Dharma Ransomware\",\"version\":\"86\"}],\"description\":\"Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml\",\"icon\":\"btc\",\"id\":\"43\",\"name\":\"Ransomware\",\"namespace\":\"misp\",\"type\":\"ransomware\",\"uuid\":\"3f44af2e-1480-4b6b-9aa8-f9bb21341078\",\"version\":\"4\"}],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"2\",\"local\":false,\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"Tag\":[{\"colour\":\"#0088cc\",\"exportable\":true,\"hide_tag\":false,\"id\":\"23\",\"local\":0,\"name\":\"misp-galaxy:ransomware=\\\"Dharma Ransomware\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#004646\",\"exportable\":true,\"hide_tag\":false,\"id\":\"21\",\"local\":0,\"name\":\"type:OSINT\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#ffffff\",\"exportable\":true,\"hide_tag\":false,\"id\":\"2\",\"local\":0,\"name\":\"tlp:white\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#2c4f00\",\"exportable\":true,\"hide_tag\":false,\"id\":\"24\",\"local\":0,\"name\":\"malware_classification:malware-category=\\\"Ransomware\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#00223b\",\"exportable\":true,\"hide_tag\":false,\"id\":\"3\",\"local\":0,\"name\":\"osint:source-type=\\\"blog - post\\\"\",\"numerical_value\":null,\"user_id\":\"0\"}],\"analysis\":\"2\",\"attribute_count\":\"7\",\"date\":\"2017-08-25\",\"disable_correlation\":false,\"distribution\":\"3\",\"extends_uuid\":\"\",\"id\":\"5\",\"info\":\"OSINT - New Arena Crysis Ransomware Variant 
Released\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"2\",\"proposal_email_lock\":false,\"publish_timestamp\":\"1603226331\",\"published\":true,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1503930276\",\"uuid\":\"59a3d08d-5dc8-4153-bc7c-456d950d210f\"}}", "type": "indicator" 
@@ -82,11 +81,10 @@ { "@timestamp": "2017-08-28T14:24:36.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370831514Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"id\":\"10794\",\"type\":\"domain|ip\",\"category\":\"Network activity\",\"to_ids\":false,\"uuid\":\"5bf30242-8ef4-4c52-a2d7-0b7b0a016219\",\"event_id\":\"14\",\"distribution\":\"5\",\"timestamp\":\"1542652482\",\"comment\":\"1st stage\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"your-ip.getmyip.com|89.160.20.156\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"EventReport\":[],\"Galaxy\":[{\"GalaxyCluster\":[{\"authors\":[\"https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml\",\"http://pastebin.com/raw/GHgpWjar\",\"MISP Project\"],\"collection_uuid\":\"10cf658b-5d32-4c4b-bb32-61760a640372\",\"description\":\"It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS \\\\u003e Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com. 
CrySiS variant\",\"galaxy_id\":\"43\",\"id\":\"6619\",\"local\":false,\"meta\":{\"date\":[\"November 2016\"],\"encryption\":[\"AES + RSA-512\"],\"extensions\":[\".dharma\",\".wallet\",\".zzzzz\",\".cmb\",\".id-BCBEF350.[paymentbtc@firemail.cc].cmb\",\".bip\",\".id-BCBEF350.[Beamsell@qq.com].bip\",\".boost\",\".[Darknes@420blaze.it].waifu\",\".brrr\",\".adobe\",\".tron\",\".AUDIT\",\".cccmn\",\".fire\",\".myjob\",\".[cyberwars@qq.com].war\",\".risk\",\".RISK\",\".bkpx\",\".[newsantaclaus@aol.com].santa\"],\"payment-method\":[\"Bitcoin - Email\"],\"ransomnotes\":[\"all your data has been locked us\\\\nYou want to return?\\\\nwrite email paymentbtc@firemail.cc\",\"All your files have been encrypted!\\\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paymentbtc@firemail.cc\\\\nWrite this ID in the title of your message ACBFF130\\\\nIn case of no answer in 24 hours write us to theese e-mails:paymentbtc@firemail.cc\\\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\\\\nFree decryption as guarantee\\\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\\\\nHow to obtain Bitcoins\\\\nThe easiest way to buy bitcoins is LocalBitcoins site. 
You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\\\\nhttps://localbitcoins.com/buy_bitcoins\\\\nAlso you can find other places to buy Bitcoins and beginners guide here:\\\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/\\\\nAttention!\\\\nDo not rename encrypted files.\\\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.\",\"All your files have been encrypted!\\\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Beamsell@qq.com\\\\nWrite this ID in the title of your message BCBEF350\\\\nIn case of no answer in 24 hours write us to theese e-mails:Beamsell@qq.com\\\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. \\\\nFree decryption as guarantee\\\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) \\\\nHow to obtain Bitcoins\\\\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. \\\\nhttps://localbitcoins.com/buy_bitcoins \\\\nAlso you can find other places to buy Bitcoins and beginners guide here: \\\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/ \\\\nAttention!\\\\nDo not rename encrypted files. 
\\\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.\",\"all your data has been locked us\\\\nYou want to return?\\\\nwrite email Beamsell@qq.com\"],\"ransomnotes-filenames\":[\"README.txt\",\"README.jpg\",\"Info.hta\",\"FILES ENCRYPTED.txt\",\"INFO.hta\"],\"ransomnotes-refs\":[\"https://www.bleepstatic.com/images/news/ransomware/d/dharma/cmb/hta-ransom-note.jpg\",\"https://pbs.twimg.com/media/Dmof_FiXsAAAvTN.jpg\",\"https://pbs.twimg.com/media/Dmof_FyXsAEJmgQ.jpg\",\"https://pbs.twimg.com/media/DrWqLWzXgAc4SlG.jpg\",\"https://pbs.twimg.com/media/DuEBIMBW0AANnGW.jpg\"],\"refs\":[\"https://id-ransomware.blogspot.co.il/2016/11/dharma-ransomware.html\",\"https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/\",\"https://www.bleepingcomputer.com/news/security/new-cmb-dharma-ransomware-variant-released/\",\"https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/\",\"https://twitter.com/demonslay335/status/1049313390097813504\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/\",\"https://twitter.com/JakubKroustek/status/1038680437508501504\",\"https://twitter.com/demonslay335/status/1059521042383814657\",\"https://twitter.com/demonslay335/status/1059940414147489792\",\"https://twitter.com/JakubKroustek/status/1060825783197933568\",\"https://twitter.com/JakubKroustek/status/1064061275863425025\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/\",\"https://www.youtube.com/watch?v=qjoYtwLx2TI\",\"https://twitter.com/GrujaRS/status/1072139616910757888\
"]},\"source\":\"Various\",\"tag_id\":\"23\",\"tag_name\":\"misp-galaxy:ransomware=\\\"Dharma Ransomware\\\"\",\"type\":\"ransomware\",\"uuid\":\"2b365b2c-4a9a-4b66-804d-3b2d2814fe7b\",\"value\":\"Dharma Ransomware\",\"version\":\"86\"}],\"description\":\"Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml\",\"icon\":\"btc\",\"id\":\"43\",\"name\":\"Ransomware\",\"namespace\":\"misp\",\"type\":\"ransomware\",\"uuid\":\"3f44af2e-1480-4b6b-9aa8-f9bb21341078\",\"version\":\"4\"}],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"2\",\"local\":false,\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"Tag\":[{\"colour\":\"#0088cc\",\"exportable\":true,\"hide_tag\":false,\"id\":\"23\",\"local\":0,\"name\":\"misp-galaxy:ransomware=\\\"Dharma Ransomware\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#004646\",\"exportable\":true,\"hide_tag\":false,\"id\":\"21\",\"local\":0,\"name\":\"type:OSINT\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#ffffff\",\"exportable\":true,\"hide_tag\":false,\"id\":\"2\",\"local\":0,\"name\":\"tlp:white\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#2c4f00\",\"exportable\":true,\"hide_tag\":false,\"id\":\"24\",\"local\":0,\"name\":\"malware_classification:malware-category=\\\"Ransomware\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#00223b\",\"exportable\":true,\"hide_tag\":false,\"id\":\"3\",\"local\":0,\"name\":\"osint:source-type=\\\"blog - post\\\"\",\"numerical_value\":null,\"user_id\":\"0\"}],\"analysis\":\"2\",\"attribute_count\":\"7\",\"date\":\"2017-08-25\",\"disable_correlation\":false,\"distribution\":\"3\",\"extends_uuid\":\"\",\"id\":\"5\",\"info\":\"OSINT - New Arena Crysis Ransomware Variant 
Released\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"2\",\"proposal_email_lock\":false,\"publish_timestamp\":\"1603226331\",\"published\":true,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1503930276\",\"uuid\":\"59a3d08d-5dc8-4153-bc7c-456d950d210f\"}}", "type": "indicator" 
@@ -160,11 +158,10 @@ { "@timestamp": "2017-04-28T18:23:44.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370837084Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"External analysis\",\"comment\":\"Carbon sample - Xchecked via VT: a08b8371ead1919500a4759c2f46553620d5a9d9\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"4\",\"first_seen\":null,\"id\":\"342\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1490878550\",\"to_ids\":false,\"type\":\"link\",\"uuid\":\"58dd0056-6e74-43d5-b58b-494802de0b81\",\"value\":\"https://www.virustotal.com/file/7fa4482bfbca550ce296d8e791b1091d60d733ea8042167fd0eb853530584452/analysis/1486030116/\"},\"EventReport\":[],\"Galaxy\":[{\"GalaxyCluster\":[{\"authors\":[\"Alexandre Dulaunoy\",\"Florian Roth\",\"Timo Steffens\",\"Christophe Vandeplas\",\"Dennis Rand\",\"raw-data\"],\"collection_uuid\":\"0d821b68-9d82-4c6d-86a6-1071a9e0f79f\",\"description\":\"Family of related sophisticated backdoor software - Name comes from Microsoft detection signature – anagram of Ultra (Ultra3) was a name of the fake driver). A macOS version exists but appears incomplete and lacking features...for now!\",\"galaxy_id\":\"36\",\"id\":\"5828\",\"local\":false,\"meta\":{\"refs\":[\"https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf\",\"https://objective-see.com/blog/blog_0x25.html#Snake\"],\"synonyms\":[\"Snake\",\"Uroburos\",\"Urouros\"],\"type\":[\"Backdoor\",\"Rootkit\"]},\"source\":\"MISP Project\",\"tag_id\":\"22\",\"tag_name\":\"misp-galaxy:tool=\\\"Turla\\\"\",\"type\":\"tool\",\"uuid\":\"22332d52-c0c2-443c-9ffb-f08c0d23722c\",\"value\":\"Turla\",\"version\":\"138\"}],\"description\":\"Threat actors tools is an enumeration of tools used by adversaries. 
The list includes malware but also common software regularly used by the adversaries.\",\"icon\":\"optin-monster\",\"id\":\"36\",\"name\":\"Tool\",\"namespace\":\"misp\",\"type\":\"tool\",\"uuid\":\"9b8037f7-bc8f-4de1-a797-37266619bc0b\",\"version\":\"3\"}],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"2\",\"local\":false,\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"4\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\"},\"analysis\":\"2\",\"date\":\"2015-01-20\",\"distribution\":\"3\",\"id\":\"369\",\"info\":\"OSINT Analysis of Project Cobra Another extensible framework used by the Uroburos’ actors from Gdata\",\"org_id\":\"1\",\"orgc_id\":\"4\",\"published\":true,\"threat_level_id\":\"1\",\"timestamp\":\"1498163317\",\"uuid\":\"54bf5a6f-ac50-4f71-9cd3-7080950d210b\"}},{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"4\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\"},\"analysis\":\"2\",\"date\":\"2014-11-20\",\"distribution\":\"3\",\"id\":\"621\",\"info\":\"Turla digging using 
TotalHash\",\"org_id\":\"1\",\"orgc_id\":\"4\",\"published\":true,\"threat_level_id\":\"2\",\"timestamp\":\"1498163604\",\"uuid\":\"546daad5-425c-4ac4-82c7-e07f950d210b\"}}],\"ShadowAttribute\":[],\"Tag\":[{\"colour\":\"#065100\",\"exportable\":true,\"hide_tag\":false,\"id\":\"22\",\"local\":0,\"name\":\"misp-galaxy:tool=\\\"Turla\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#ffffff\",\"exportable\":true,\"hide_tag\":false,\"id\":\"2\",\"local\":0,\"name\":\"tlp:white\",\"numerical_value\":null,\"user_id\":\"0\"}],\"analysis\":\"2\",\"attribute_count\":\"100\",\"date\":\"2017-03-30\",\"disable_correlation\":false,\"distribution\":\"3\",\"extends_uuid\":\"\",\"id\":\"4\",\"info\":\"OSINT - Carbon Paper: Peering into Turla’s second stage backdoor\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"2\",\"proposal_email_lock\":false,\"publish_timestamp\":\"1603226330\",\"published\":true,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1493403824\",\"uuid\":\"58dcfe62-ed84-4e5e-b293-4991950d210f\"}}", "type": "indicator" 
@@ -238,11 +235,10 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370841202Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1077\",\"type\":\"sha256\",\"category\":\"External 
analysis\",\"to_ids\":true,\"uuid\":\"54324042-49fc-4628-a95e-44da950d210b\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1412579394\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"0a1103bc90725d4665b932f88e81d39eafa5823b0de3ab146e2d4548b7da79a0\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -314,11 +310,10 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370845219Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1084\",\"type\":\"ip-dst\",\"category\":\"Network activity\",\"to_ids\":true,\"uuid\":\"54324081-3308-4f1f-8674-4953950d210b\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1412579457\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"89.160.20.156\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": 
"indicator" 
@@ -386,11 +381,10 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370848996Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1086\",\"type\":\"hostname\",\"category\":\"Network activity\",\"to_ids\":true,\"uuid\":\"543240dc-f068-437a-baa9-48f2950d210b\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1412579548\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"xenserver.ddns.net\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", 
"type": "indicator" 
@@ -460,11 +454,10 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370852543Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1089\",\"type\":\"text\",\"category\":\"External analysis\",\"to_ids\":false,\"uuid\":\"543240f9-64e8-41f2-958f-4e21950d210b\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1412579577\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"Nitro\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -532,11 +525,10 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370856080Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1090\",\"type\":\"sha1\",\"category\":\"External analysis\",\"to_ids\":true,\"uuid\":\"56c625a7-f31c-460c-9ea1-c652950d210f\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1455826343\",\"comment\":\"Automatically added (via 
7915aabb2e66ff14841e4ef0fbff7486)\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"0ea76f1586c008932d90c991dfdd5042f3aac8ea\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -608,11 +600,10 @@ { "@timestamp": "2014-10-06T07:12:57.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370859526Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"12394\",\"type\":\"domain\",\"category\":\"Network activity\",\"to_ids\":false,\"uuid\":\"572b4ab3-1af0-4d91-9cd5-07a1c0a8ab16\",\"event_id\":\"22\",\"distribution\":\"5\",\"timestamp\":\"1462454963\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"whatsapp.com\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": 
"indicator" 
@@ -682,11 +673,10 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370862802Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"158\",\"orgc_id\":\"5\",\"org_id\":\"1\",\"date\":\"2018-01-08\",\"threat_level_id\":\"1\",\"info\":\"Turla: Mosquito Whitepaper\",\"published\":true,\"uuid\":\"5a5395d1-40a0-45fc-b692-334a0a016219\",\"attribute_count\":\"61\",\"analysis\":\"0\",\"timestamp\":\"1535462417\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637953\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\",\"local\":false},\"Attribute\":{\"id\":\"17299\",\"type\":\"url\",\"category\":\"Network activity\",\"to_ids\":false,\"uuid\":\"5a53976c-e7c8-480d-a68a-2fc50a016219\",\"event_id\":\"158\",\"distribution\":\"5\",\"timestamp\":\"1515427692\",\"comment\":\"Fake adobe URL\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"http://get.adobe.com/stats/AbfFcBebD/?q=\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[{\"Event\":{\"id\":\"58\",\"date\":\"2018-08-17\",\"threat_level_id\":\"1\",\"info\":\"Turla Outlook White 
Paper\",\"published\":true,\"uuid\":\"5b773e07-e694-458b-b99c-27f30a016219\",\"analysis\":\"0\",\"timestamp\":\"1535462383\",\"distribution\":\"3\",\"org_id\":\"1\",\"orgc_id\":\"5\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\"},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\"}}}],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"7\",\"name\":\"misp-galaxy:threat-actor=\\\"Turla Group\\\"\",\"colour\":\"#0088cc\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":true,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"70\",\"name\":\"Turla\",\"colour\":\"#f20f53\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -762,11 +752,10 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370867481Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"158\",\"orgc_id\":\"5\",\"org_id\":\"1\",\"date\":\"2018-01-08\",\"threat_level_id\":\"1\",\"info\":\"Turla: Mosquito Whitepaper\",\"published\":true,\"uuid\":\"5a5395d1-40a0-45fc-b692-334a0a016219\",\"attribute_count\":\"61\",\"analysis\":\"0\",\"timestamp\":\"1535462417\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637953\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\",\"local\":false},\"Attribute\":{\"id\":\"17330\",\"type\":\"uri\",\"category\":\"Network activity\",\"to_ids\":false,\"uuid\":\"5a539ce1-3de0-4e34-8fc4-2fc50a016219\",\"event_id\":\"158\",\"distribution\":\"5\",\"timestamp\":\"1515429089\",\"comment\":\"Win32 backdoor C\u0026C URI\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"/scripts/m/query.php?id=\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[{\"Event\":{\"id\":\"58\",\"date\":\"2018-08-17\",\"threat_level_id\":\"1\",\"info\":\"Turla Outlook White 
Paper\",\"published\":true,\"uuid\":\"5b773e07-e694-458b-b99c-27f30a016219\",\"analysis\":\"0\",\"timestamp\":\"1535462383\",\"distribution\":\"3\",\"org_id\":\"1\",\"orgc_id\":\"5\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\"},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\"}}}],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"7\",\"name\":\"misp-galaxy:threat-actor=\\\"Turla Group\\\"\",\"colour\":\"#0088cc\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":true,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"70\",\"name\":\"Turla\",\"colour\":\"#f20f53\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -834,11 +823,10 @@ { "@timestamp": "2018-08-28T13:20:17.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370871038Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"158\",\"orgc_id\":\"5\",\"org_id\":\"1\",\"date\":\"2018-01-08\",\"threat_level_id\":\"1\",\"info\":\"Turla: Mosquito Whitepaper\",\"published\":true,\"uuid\":\"5a5395d1-40a0-45fc-b692-334a0a016219\",\"attribute_count\":\"61\",\"analysis\":\"0\",\"timestamp\":\"1535462417\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637953\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\",\"local\":false},\"Attribute\":{\"id\":\"17322\",\"type\":\"filename|sha1\",\"category\":\"Artifacts dropped\",\"to_ids\":false,\"uuid\":\"5a539ce1-e6a0-426a-942c-2fc50a016219\",\"event_id\":\"158\",\"distribution\":\"5\",\"timestamp\":\"1515429089\",\"comment\":\"JavaScript backdoor\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"google_update_checker.js|c51d288469df9f25e2fb7ac491918b3e579282ea\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[{\"Event\":{\"id\":\"58\",\"date\":\"2018-08-17\",\"threat_level_id\":\"1\",\"info\":\"Turla Outlook White 
Paper\",\"published\":true,\"uuid\":\"5b773e07-e694-458b-b99c-27f30a016219\",\"analysis\":\"0\",\"timestamp\":\"1535462383\",\"distribution\":\"3\",\"org_id\":\"1\",\"orgc_id\":\"5\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\"},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\"}}}],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"7\",\"name\":\"misp-galaxy:threat-actor=\\\"Turla Group\\\"\",\"colour\":\"#0088cc\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":true,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"70\",\"name\":\"Turla\",\"colour\":\"#f20f53\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -912,11 +900,10 @@ { "@timestamp": "2018-01-23T16:09:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370876909Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"22\",\"orgc_id\":\"4\",\"org_id\":\"1\",\"date\":\"2015-12-08\",\"threat_level_id\":\"3\",\"info\":\"Packrat: Seven Years of a South American Threat Actor\",\"published\":true,\"uuid\":\"56ccdcaf-f7e4-40d8-bca1-51299062e56a\",\"attribute_count\":\"133\",\"analysis\":\"2\",\"timestamp\":\"1516723796\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637901\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"4\",\"name\":\"CUDESO\",\"uuid\":\"56c42374-fdb8-4544-a218-41ffc0a8ab16\",\"local\":false},\"Attribute\":{\"id\":\"12268\",\"type\":\"email-src\",\"category\":\"Payload delivery\",\"to_ids\":true,\"uuid\":\"56ccdcb6-4d6c-4e48-b955-52849062e56a\",\"event_id\":\"22\",\"distribution\":\"5\",\"timestamp\":\"1456266422\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"claudiobonadio88@gmail.com\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -985,11 +972,10 @@ { "@timestamp": "2018-01-23T16:09:56.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370881407Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"22\",\"orgc_id\":\"4\",\"org_id\":\"1\",\"date\":\"2015-12-08\",\"threat_level_id\":\"3\",\"info\":\"Packrat: Seven Years of a South American Threat Actor\",\"published\":true,\"uuid\":\"56ccdcaf-f7e4-40d8-bca1-51299062e56a\",\"attribute_count\":\"133\",\"analysis\":\"2\",\"timestamp\":\"1516723796\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637901\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"4\",\"name\":\"CUDESO\",\"uuid\":\"56c42374-fdb8-4544-a218-41ffc0a8ab16\",\"local\":false},\"Attribute\":{\"id\":\"12298\",\"type\":\"regkey\",\"category\":\"Artifacts dropped\",\"to_ids\":true,\"uuid\":\"56ccdcd6-f4b8-4383-9624-52849062e56a\",\"event_id\":\"22\",\"distribution\":\"5\",\"timestamp\":\"1456266454\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Active\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -1058,11 +1044,10 @@ { "@timestamp": "2020-12-13T14:03:16.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T08:56:24.370885284Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"10\",\"orgc_id\":\"4\",\"org_id\":\"1\",\"date\":\"2020-12-09\",\"threat_level_id\":\"3\",\"info\":\"Recent Qakbot (Qbot) activity\",\"published\":true,\"uuid\":\"5fd0c599-ab6c-4ba1-a69a-df9ec0a8ab16\",\"attribute_count\":\"15\",\"analysis\":\"2\",\"timestamp\":\"1607868196\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637888\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"4\",\"name\":\"CUDESO\",\"uuid\":\"56c42374-fdb8-4544-a218-41ffc0a8ab16\",\"local\":false},\"Attribute\":{\"id\":\"10686\",\"type\":\"ip-dst|port\",\"category\":\"Network activity\",\"to_ids\":true,\"uuid\":\"5fd0c620-a844-4ace-9710-a37bc0a8ab16\",\"event_id\":\"10\",\"distribution\":\"5\",\"timestamp\":\"1607517728\",\"comment\":\"On port 2222\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"89.160.20.156|2222\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"6\",\"name\":\"misp-galaxy:banker=\\\"Qakbot\\\"\",\"colour\":\"#0088cc\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":true,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
diff --git a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 9456fa99ffc..ce9f44b3b44 100644
--- a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -4,12 +4,9 @@ processors:
 ####################
 # Event ECS fields #
 ####################
- - set:
- field: event.ingested
- value: "{{_ingest.timestamp}}"
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_misp/data_stream/threat/sample_event.json b/packages/ti_misp/data_stream/threat/sample_event.json
index c84d8a407c6..2f0271242ca 100644
--- a/packages/ti_misp/data_stream/threat/sample_event.json
+++ b/packages/ti_misp/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "f33cbb31-3e5c-4242-8b35-d4631555523c",
diff --git a/packages/ti_misp/docs/README.md b/packages/ti_misp/docs/README.md
index 8988289f760..79790f5d0e3 100644
--- a/packages/ti_misp/docs/README.md
+++ b/packages/ti_misp/docs/README.md
@@ -174,7 +174,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "f33cbb31-3e5c-4242-8b35-d4631555523c",
diff --git a/packages/ti_misp/manifest.yml b/packages/ti_misp/manifest.yml
index e77c6f55be7..43ccb7c7ac5 100644
--- a/packages/ti_misp/manifest.yml
+++ b/packages/ti_misp/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_misp
 title: MISP
-version: 1.2.2
+version: 1.3.0
 release: ga
 description: This Elastic integration collects events from MISP
 type: integration
diff --git a/packages/ti_otx/_dev/build/build.yml b/packages/ti_otx/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/ti_otx/_dev/build/build.yml
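Review bot: Dropping the `event.ingested` set processor leaves this pipeline with no visible source for that field, so the package now presumably relies on Fleet's final ingest pipeline to stamp `event.ingested`, and nothing in the hunk records that assumption; the manifest's `kibana.version` condition, which is what would guarantee a stack that ships that final pipeline, is not visible in this diff and should be checked. Detection rules and dashboards that key on `event.ingested` (timestamp override, ingest-lag monitoring) will silently lose the field on any stack where the final pipeline does not run. A one-line comment above the `ecs.version` processor would make the dependency explicit: `# event.ingested is populated by Fleet's final pipeline; do not set it here.` The `processors:` list continues outside the hunk, and `ecs.version` is now pinned to `"8.2.0"` here while build.yml pins `git@8.2`, so the two values have to be bumped together on every ECS update.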
+++ b/packages/ti_otx/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml
index 8534abb5597..9a456eb4713 100644
--- a/packages/ti_otx/changelog.yml
+++ b/packages/ti_otx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
 - version: "1.2.2"
 changes:
 - description: Add field mapping for event.created
diff --git a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
index 88bd7eef7de..0403e888429 100644
--- a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
+++ b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
@@ -2,11 +2,10 @@
 "expected": [
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T09:03:36.096014440Z",
 "kind": "enrichment",
 "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":1588938}",
 "type": "indicator"
@@ -24,11 +23,10 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
- "ingested": "2022-04-11T09:03:36.096048003Z",
 "kind": "enrichment",
 "original": "{\"indicator\":\"90421f8531f963d81cf54245b72cde80\",\"description\":\"MD5 of a5725af4391d21a232dc6d4ad33d7d915bd190bdac9b1826b73f364dc5c1aa65\",\"title\":\"Win32:Hoblig-B\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":9751110}",
 "type": "indicator"
@@ -53,11 +51,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096054706Z", "kind": "enrichment", "original": "{\"indicator\":\"ip.anysrc.net\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"hostname\",\"id\":16782717}", "type": "indicator" @@ -77,11 +74,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096060086Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":19901748}", "type": "indicator" @@ -99,11 +95,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096065105Z", "kind": "enrichment", "original": "{\"indicator\":\"d8c70ca70fd3555a0828fede6cc1f59e2c320ede80157039b6a2f09c336d5f7a\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":31612067}", "type": "indicator" @@ -125,11 +120,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096069514Z", "kind": "enrichment", "original": "{\"indicator\":\"f8e58af3ffefd4037fef246e93a55dc8\",\"description\":\"MD5 of df9b37477a83189cd4541674e64ce29bf7bf98338ed0d635276660e0c6419d09\",\"title\":null,\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":34413770}", "type": "indicator" @@ -153,11 +147,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096074543Z", "kind": "enrichment", "original": "{\"indicator\":\"1c62f004d0c9b91d3467b1b8106772e667e7e2075470c2ec7982b63573c90c54\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":111154034}", "type": "indicator" 
@@ -179,11 +172,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096079012Z", "kind": "enrichment", "original": "{\"indicator\":\"8d24a14f2600482d0231396b6350cf21773335ec2f0b8919763317fdab78baae\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":151858953}", "type": "indicator" @@ -207,11 +199,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096083079Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":311294364}", "type": "indicator" @@ -229,11 +220,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096087097Z", "kind": "enrichment", "original": "{\"indicator\":\"c758ec922b173820374e552c2f015ac53cc5d9f99cc92080e608652aaa63695b\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":406540408}", "type": "indicator" @@ -255,11 +245,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096093709Z", "kind": "enrichment", "original": "{\"indicator\":\"0df586aa0334dcbe047d24ce859d00e537fdb5e0ca41886dab27479b6fc61ba6\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":565556753}", "type": "indicator" 
@@ -281,11 +270,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096099430Z", "kind": "enrichment", "original": "{\"indicator\":\"aeb08b0651bc8a13dcf5e5f6c0d482f8\",\"description\":\"MD5 of 0df586aa0334dcbe047d24ce859d00e537fdb5e0ca41886dab27479b6fc61ba6\",\"title\":null,\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":565556755}", "type": "indicator" @@ -309,11 +297,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096104069Z", "kind": "enrichment", "original": "{\"indicator\":\"6df5e1a017dff52020c7ff6ad92fdd37494e31769e1be242f6b23d1ea2d60140\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":575672549}", "type": "indicator" @@ -335,11 +322,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096109018Z", "kind": "enrichment", "original": "{\"indicator\":\"c72fef3835f65cb380f6920b22c3488554d1af6d298562ccee92284f265c9619\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":575672550}", "type": "indicator" @@ -361,11 +347,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096113095Z", "kind": "enrichment", "original": "{\"indicator\":\"e711fcd0f182b214c6ec74011a395f4c853068d59eb7c57f90c4a3e1de64434a\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":995160791}", "type": "indicator" 
@@ -387,11 +372,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096117614Z", "kind": "enrichment", "original": "{\"indicator\":\"d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1011989699}", "type": "indicator" @@ -413,11 +397,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096121782Z", "kind": "enrichment", "original": "{\"indicator\":\"70447996722e5c04514d20b7a429d162b46546002fb0c87f512b40f16bac99bb\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1011989701}", "type": "indicator" @@ -439,11 +422,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096126611Z", "kind": "enrichment", "original": "{\"indicator\":\"29340643ca2e6677c19e1d3bf351d654\",\"description\":\"MD5 of 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1472176322}", "type": "indicator" @@ -468,11 +450,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096130819Z", "kind": "enrichment", "original": "{\"indicator\":\"86c314bc2dc37ba84f7364acd5108c2b\",\"description\":\"MD5 of 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1472457325}", "type": "indicator" 
@@ -497,11 +478,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096135157Z", "kind": "enrichment", "original": "{\"indicator\":\"cb0c1248d3899358a375888bb4e8f3fe\",\"description\":\"MD5 of 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56\",\"title\":\"Trojan:Win32/Occamy.B\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1472457326}", "type": "indicator" @@ -526,11 +506,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096140337Z", "kind": "enrichment", "original": "{\"indicator\":\"d348f536e214a47655af387408b4fca5\",\"description\":\"MD5 of 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1472457327}", "type": "indicator" @@ -555,11 +534,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096145075Z", "kind": "enrichment", "original": "{\"indicator\":\"29ff1903832827e328ad9ec05fdf268eadd6db8b613597cf65f8740c211be413\",\"description\":null,\"title\":\"vad_contains_network_strings\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1546012751}", "type": "indicator" @@ -583,11 +561,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096149634Z", "kind": "enrichment", "original": "{\"indicator\":\"b105891f90b2a8730bbadf02b5adeccbba539883bf75dec2ff7a5a97625dd222\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1546012939}", "type": "indicator" 
@@ -609,11 +586,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096154283Z", "kind": "enrichment", "original": "{\"indicator\":\"e4db5405ac7ab517d43722e1ca8d653ea4a32802bc8a5410d032275eedc7b7ee\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1546012967}", "type": "indicator" @@ -635,11 +611,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096158481Z", "kind": "enrichment", "original": "{\"indicator\":\"465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa\",\"description\":null,\"title\":\"Win.Malware.TrickbotSystemInfo-6335590-0\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1564141498}", "type": "indicator" @@ -663,11 +638,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096162608Z", "kind": "enrichment", "original": "{\"indicator\":\"5051906d6ed1b2ae9c9a9f070ef73c9be8f591d2e41d144649a0dc96e28d0400\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1564141523}", "type": "indicator" @@ -689,11 +663,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096167097Z", "kind": "enrichment", "original": "{\"indicator\":\"14b74cb9be8cad8eb5fa8842d00bb692\",\"description\":\"MD5 of 465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa\",\"title\":\"Win.Malware.TrickbotSystemInfo-6335590-0\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1564142109}", "type": "indicator" 
@@ -718,11 +691,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096171345Z", "kind": "enrichment", "original": "{\"indicator\":\"a5b59f7d133e354dfc73f40517aab730f322f0ef\",\"description\":\"SHA1 of 465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa\",\"title\":\"Win.Malware.TrickbotSystemInfo-6335590-0\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1564142964}", "type": "indicator" @@ -747,11 +719,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096175603Z", "kind": "enrichment", "original": "{\"indicator\":\"8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1566067095}", "type": "indicator" @@ -773,11 +744,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096179931Z", "kind": "enrichment", "original": "{\"indicator\":\"ff2dcea4963e060a658f4dffbb119529\",\"description\":\"MD5 of 5cb822616d2c9435c9ddd060d6abdbc286ab57cfcf6dc64768c52976029a925b\",\"title\":\"vad_contains_network_strings\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1566999970}", "type": "indicator" @@ -802,11 +772,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096184549Z", "kind": "enrichment", "original": "{\"indicator\":\"0d73f1a1c4b2f8723fffc83eb3d00f31\",\"description\":\"MD5 of 29ff1903832827e328ad9ec05fdf268eadd6db8b613597cf65f8740c211be413\",\"title\":\"vad_contains_network_strings\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1569290125}", "type": "indicator" 
@@ -831,11 +800,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096188777Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":1592876453}", "type": "indicator" @@ -853,11 +821,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096193376Z", "kind": "enrichment", "original": "{\"indicator\":\"d35a30264c0698709ad554489004e0077e263d354ced0c54552a0b500f91ecc0\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1597058431}", "type": "indicator" @@ -879,11 +846,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096197774Z", "kind": "enrichment", "original": "{\"indicator\":\"5264b455f453820be629a324196131492ff03c80491e823ac06657c9387250dd\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1603343478}", "type": "indicator" @@ -905,11 +871,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096202343Z", "kind": "enrichment", "original": "{\"indicator\":\"1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56\",\"description\":null,\"title\":\"Trojan:Win32/Occamy.B\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260302}", "type": "indicator" @@ -933,11 +898,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096206641Z", "kind": "enrichment", "original": "{\"indicator\":\"3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260304}", "type": "indicator" 
@@ -961,11 +925,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096210879Z", "kind": "enrichment", "original": "{\"indicator\":\"b8e463789a076b16a90d1aae73cea9d3880ac0ead1fd16587b8cd79e37a1a3d8\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260305}", "type": "indicator" @@ -987,11 +950,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096215237Z", "kind": "enrichment", "original": "{\"indicator\":\"113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260310}", "type": "indicator" @@ -1015,11 +977,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096219445Z", "kind": "enrichment", "original": "{\"indicator\":\"9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260311}", "type": "indicator" @@ -1043,11 +1004,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096225075Z", "kind": "enrichment", "original": "{\"indicator\":\"c51024bb119211c335f95e731cfa9a744fcdb645a57d35fb379d01b7dbdd098e\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260316}", "type": "indicator" 
@@ -1069,11 +1029,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096229404Z", "kind": "enrichment", "original": "{\"indicator\":\"ad20c6fac565f901c82a21b70f9739037eb54818\",\"description\":\"SHA1 of 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1606260341}", "type": "indicator" @@ -1098,11 +1057,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096233852Z", "kind": "enrichment", "original": "{\"indicator\":\"13f11e273f9a4a56557f03821c3bfd591cca6ebc\",\"description\":\"SHA1 of 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1606260344}", "type": "indicator" @@ -1127,11 +1085,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096240204Z", "kind": "enrichment", "original": "{\"indicator\":\"1581fe76e3c96dc33182daafd09c8cf5c17004e0\",\"description\":\"SHA1 of 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1606260353}", "type": "indicator" @@ -1156,11 +1113,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096244472Z", "kind": "enrichment", "original": "{\"indicator\":\"b72e75e9e901a44b655a5cf89cf0eadcaff46037\",\"description\":\"SHA1 of 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56\",\"title\":\"Trojan:Win32/Occamy.B\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1606260364}", "type": "indicator" 
@@ -1185,11 +1141,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096248790Z", "kind": "enrichment", "original": "{\"indicator\":\"maper.info\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":1634015726}", "type": "indicator" @@ -1209,11 +1164,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096252878Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":1635374317}", "type": "indicator" @@ -1231,11 +1185,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096256795Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":1756014820}", "type": "indicator" @@ -1253,11 +1206,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096260642Z", "kind": "enrichment", "original": "{\"indicator\":\"9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543412}", "type": "indicator" @@ -1281,11 +1233,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096265050Z", "kind": "enrichment", "original": "{\"indicator\":\"be9fb556a3c7aef0329e768d7f903e7dd42a821abc663e11fb637ce33b007087\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543416}", "type": "indicator" 
@@ -1309,11 +1260,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096269238Z", "kind": "enrichment", "original": "{\"indicator\":\"3bfec096c4837d1e6485fe0ae0ea6f1c0b44edc611d4f2204cc9cf73c985cbc2\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543440}", "type": "indicator" @@ -1337,11 +1287,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096273566Z", "kind": "enrichment", "original": "{\"indicator\":\"dff2e39b2e008ea89a3d6b36dcd9b8c927fb501d60c1ad5a52ed1ffe225da2e2\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543441}", "type": "indicator" @@ -1365,11 +1314,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096277684Z", "kind": "enrichment", "original": "{\"indicator\":\"6b4d271a48d118843aee3dee4481fa2930732ed7075db3241a8991418f00d92b\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543445}", "type": "indicator" @@ -1393,11 +1341,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096281832Z", "kind": "enrichment", "original": "{\"indicator\":\"26de4265303491bed1424d85b263481ac153c2b3513f9ee48ffb42c12312ac43\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543456}", "type": "indicator" 
@@ -1421,11 +1368,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096285919Z", "kind": "enrichment", "original": "{\"indicator\":\"02f54da6c6f2f87ff7b713d46e058dedac1cedabd693643bb7f6dfe994b2105d\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543458}", "type": "indicator" @@ -1449,11 +1395,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096290548Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2114754074}", "type": "indicator" @@ -1471,11 +1416,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096295077Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2114754077}", "type": "indicator" @@ -1493,11 +1437,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096299455Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2114754078}", "type": "indicator" @@ -1515,11 +1458,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096303833Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2114754080}", "type": "indicator" 
@@ -1537,11 +1479,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096308051Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2117062744}", "type": "indicator" @@ -1559,11 +1500,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096312740Z", "kind": "enrichment", "original": "{\"indicator\":\"e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2117884668}", "type": "indicator" @@ -1585,11 +1525,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096316787Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2119746545}", "type": "indicator" @@ -1607,11 +1546,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096320915Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2129763785}", "type": "indicator" @@ -1629,11 +1567,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096324762Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2136050161}", "type": "indicator" 
@@ -1651,11 +1588,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096328600Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":\"Trickbot\",\"content\":\"\",\"type\":\"IPv4\",\"id\":2136079568}", "type": "indicator" @@ -1675,11 +1611,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096358886Z", "kind": "enrichment", "original": "{\"indicator\":\"fotmailz.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2137741373}", "type": "indicator" @@ -1699,11 +1634,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096367713Z", "kind": "enrichment", "original": "{\"indicator\":\"pori89g5jqo3v8.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2137741468}", "type": "indicator" @@ -1723,11 +1657,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096373674Z", "kind": "enrichment", "original": "{\"indicator\":\"sebco.co.ke\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2178708355}", "type": "indicator" @@ -1747,11 +1680,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096378343Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":\"Trickbot\",\"content\":\"\",\"type\":\"IPv4\",\"id\":2180669102}", "type": "indicator" 
@@ -1771,11 +1703,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096382551Z", "kind": "enrichment", "original": "{\"indicator\":\"chishir.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2186034800}", "type": "indicator" @@ -1795,11 +1726,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096388021Z", "kind": "enrichment", "original": "{\"indicator\":\"kostunivo.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2186034803}", "type": "indicator" @@ -1819,11 +1749,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096392319Z", "kind": "enrichment", "original": "{\"indicator\":\"mangoclone.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2186034805}", "type": "indicator" @@ -1843,11 +1772,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096396487Z", "kind": "enrichment", "original": "{\"indicator\":\"onixcellent.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2186034807}", "type": "indicator" @@ -1867,11 +1795,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096400995Z", "kind": "enrichment", "original": "{\"indicator\":\"fc0efd612ad528795472e99cae5944b68b8e26dc\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":2186034891}", "type": "indicator" 
@@ -1895,11 +1822,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096404933Z", "kind": "enrichment", "original": "{\"indicator\":\"24d4bbc982a6a561f0426a683b9617de1a96a74a\",\"description\":null,\"title\":\"Sf:ShellCode-DZ\\\\ [Trj]\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":2186034903}", "type": "indicator" @@ -1923,11 +1849,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096409611Z", "kind": "enrichment", "original": "{\"indicator\":\"fa98074dc18ad7e2d357b5d168c00a91256d87d1\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":2186034912}", "type": "indicator" @@ -1951,11 +1876,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096413779Z", "kind": "enrichment", "original": "{\"indicator\":\"e5dc7c8bfa285b61dda1618f0ade9c256be75d1a\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":2186034924}", "type": "indicator" @@ -1979,11 +1903,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096418328Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":\"Trickbot\",\"content\":\"\",\"type\":\"IPv4\",\"id\":2189036445}", "type": "indicator" @@ -2003,11 +1926,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096422566Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2189036446}", "type": "indicator" 
@@ -2025,11 +1947,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096427876Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2190596263}", "type": "indicator" @@ -2047,11 +1968,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096432274Z", "kind": "enrichment", "original": "{\"indicator\":\"10ec3571596c30b9993b89f12d29d23c\",\"description\":\"MD5 of 9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6\",\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":2192837907}", "type": "indicator" @@ -2076,11 +1996,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096436201Z", "kind": "enrichment", "original": "{\"id\":73,\"indicator\":\"http://www.playboysplus.com\",\"type\":\"URL\",\"title\":null,\"description\":null,\"content\":\"\"}", "type": "indicator" @@ -2104,11 +2023,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096442483Z", "kind": "enrichment", "original": "{\"id\":74,\"indicator\":\"http://join.playboysplus.com/signup/\",\"type\":\"URL\",\"title\":null,\"description\":null,\"content\":\"\"}", "type": "indicator" @@ -2132,11 +2050,10 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:03:36.096461639Z", "kind": "enrichment", "original": "{\"id\":970,\"indicator\":\"http://api.vk.com/method/wall.get?count=1\u0026owner_id=-81972386\",\"type\":\"URL\",\"title\":null,\"description\":null,\"content\":\"\"}", "type": "indicator" 
diff --git a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index 494d667a7a3..8ce807b2392 100644 --- a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -4,12 +4,9 @@ processors: #################### # Event ECS fields # #################### - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" - set: field: event.kind value: enrichment diff --git a/packages/ti_otx/data_stream/threat/sample_event.json b/packages/ti_otx/data_stream/threat/sample_event.json index 4bc1007633f..131bc083edd 100644 --- a/packages/ti_otx/data_stream/threat/sample_event.json +++ b/packages/ti_otx/data_stream/threat/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "93ca38c5-fdea-4af2-acab-27edbc2b3434", diff --git a/packages/ti_otx/docs/README.md b/packages/ti_otx/docs/README.md index f8af7ebce94..a6bdcca6e73 100644 --- a/packages/ti_otx/docs/README.md +++ b/packages/ti_otx/docs/README.md @@ -115,7 +115,7 @@ An example event for `threat` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "93ca38c5-fdea-4af2-acab-27edbc2b3434", diff --git a/packages/ti_otx/manifest.yml b/packages/ti_otx/manifest.yml index 0abe4dc6bd4..b9d4e3eab8c 100644 --- a/packages/ti_otx/manifest.yml +++ b/packages/ti_otx/manifest.yml @@ -1,6 +1,6 @@ name: ti_otx title: AlienVault OTX -version: 1.2.2 +version: 1.3.0 release: ga description: Collect threat intelligence from AlienVault OTX with Elastic Agent. type: integration diff --git a/packages/ti_threatq/_dev/build/build.yml b/packages/ti_threatq/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 
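Review bot: Dropping the `set` processor for `event.ingested` leaves this pipeline with nothing that records ingest time, and the hunk does not say where the field now comes from; detection rules and lookback windows that key on `event.ingested` will silently lose it for anyone running this pipeline outside an Agent/Fleet deployment. Presumably the intent is that the Fleet final pipeline stamps it (the expected-output fixtures earlier in this diff drop `event.ingested` accordingly), but that is inferred rather than visible here. A one-line comment under the `# Event ECS fields #` banner would make the dependency explicit, e.g. `# event.ingested is not set here; it is expected to be stamped by the Fleet final pipeline.` The same removal appears in the `packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml` hunk later in this diff and deserves the same note, and if either manifest's minimum stack version (outside these hunks) predates the final-pipeline behaviour, that constraint should be checked too.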
--- a/packages/ti_threatq/_dev/build/build.yml +++ b/packages/ti_threatq/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml index c22007ca9ed..2b541ea57c7 100644 --- a/packages/ti_threatq/changelog.yml +++ b/packages/ti_threatq/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.2" changes: - description: Add event.created field mapping diff --git a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json index 8ba8e6cfa87..70f32e2a402 100644 --- a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json +++ b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json 
@@ -3,11 +3,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775716781Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1877,\"indicator_id\":336,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1878,\"indicator_id\":336,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"MP\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1879,\"indicator_id\":336,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Saipan\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1880,\"indicator_id\":336,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1881,\"indicator_id\":336,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1882,\"indicator_id\":336,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"1ece659dcec98b1e1141160b55655c96\",\"id\":336,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":336,\"indicator_id\":336,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -53,11 +52,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775748361Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1883,\"indicator_id\":337,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1884,\"indicator_id\":337,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1885,\"indicator_id\":337,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1886,\"indicator_id\":337,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1887,\"indicator_id\":337,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1888,\"indicator_id\":337,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Sacramento\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"73c98d43519990c841a5d022546fedd4\",\"id\":337,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":337,\"indicator_id\":337,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -103,11 +101,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775756185Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1889,\"indicator_id\":338,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1890,\"indicator_id\":338,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1891,\"indicator_id\":338,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1892,\"indicator_id\":338,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1893,\"indicator_id\":338,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"New York\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1894,\"indicator_id\":338,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"a9c6773919112627495d87c51fe89b15\",\"id\":338,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":338,\"indicator_id\":338,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -153,11 +150,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775762146Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:43\",\"id\":184,\"indicator_id\":34,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:35:49\",\"updated_at\":\"2020-10-15 14:35:49\",\"value\":\"4\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:43\",\"id\":185,\"indicator_id\":34,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:35:49\",\"updated_at\":\"2020-10-15 14:35:49\",\"value\":\"3\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:43\",\"id\":186,\"indicator_id\":34,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:35:49\",\"updated_at\":\"2020-10-15 14:35:49\",\"value\":\"Malicious Host\"},{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:43\",\"id\":187,\"indicator_id\":34,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:35:49\",\"updated_at\":\"2020-10-15 14:35:49\",\"value\":\"2\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:41\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:02\",\"hash\":\"56f3cb07a9055f52947bb4c4244f762d\",\"id\":34,\"published_at\":\"2020-09-11 14:35:41\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:43\",\"creator_source_id\":12,\"id\":34,\"indicator_id\":34,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:43\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:35:49\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 
19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -197,11 +193,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775769019Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1901,\"indicator_id\":340,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1902,\"indicator_id\":340,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1903,\"indicator_id\":340,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1904,\"indicator_id\":340,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1905,\"indicator_id\":340,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1906,\"indicator_id\":340,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Sacramento\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"97624a37200db6ba0bcfce8c9c28f527\",\"id\":340,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":340,\"indicator_id\":340,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -247,11 +242,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775774149Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1907,\"indicator_id\":341,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1908,\"indicator_id\":341,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1909,\"indicator_id\":341,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1910,\"indicator_id\":341,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Houston\"},{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1911,\"indicator_id\":341,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1912,\"indicator_id\":341,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"56a1917632c03f230c5645f432e71495\",\"id\":341,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":341,\"indicator_id\":341,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\",\"provider\":\"testprovider\",\"tlp_name\":\"testtlp\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -305,11 +299,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775779038Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1913,\"indicator_id\":342,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1914,\"indicator_id\":342,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Fort Lauderdale\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1915,\"indicator_id\":342,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1916,\"indicator_id\":342,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1917,\"indicator_id\":342,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1918,\"indicator_id\":342,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"6de45834c2a81597b59a91ead4fbdf59\",\"id\":342,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":342,\"indicator_id\":342,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -355,11 +348,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775784268Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1919,\"indicator_id\":343,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1920,\"indicator_id\":343,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Pompano Beach\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1921,\"indicator_id\":343,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1922,\"indicator_id\":343,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1923,\"indicator_id\":343,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1924,\"indicator_id\":343,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"994a4586b27e46db67a59220ab6dd73f\",\"id\":343,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":343,\"indicator_id\":343,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -405,11 +397,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775788917Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1937,\"indicator_id\":346,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1938,\"indicator_id\":346,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1939,\"indicator_id\":346,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1940,\"indicator_id\":346,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1941,\"indicator_id\":346,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Little Elm\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1942,\"indicator_id\":346,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"40e81e10007099902cf40cfe3a8227dc\",\"id\":346,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":346,\"indicator_id\":346,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -455,11 +446,10 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", - "ingested": "2022-04-11T09:23:29.775793836Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1943,\"indicator_id\":347,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1944,\"indicator_id\":347,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1945,\"indicator_id\":347,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1946,\"indicator_id\":347,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1947,\"indicator_id\":347,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Dallas\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1948,\"indicator_id\":347,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"418a88a2a1bac6980a7d83e6b2b2a27d\",\"id\":347,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 
14:35:53\",\"creator_source_id\":12,\"id\":347,\"indicator_id\":347,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" diff --git a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index be43fea36bd..7b3718fcaac 100644 --- a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -4,12 +4,9 @@ processors: #################### # Event ECS fields # #################### - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" - set: field: event.kind value: enrichment diff --git a/packages/ti_threatq/data_stream/threat/sample_event.json b/packages/ti_threatq/data_stream/threat/sample_event.json index 297ddb6dd4a..b55645b939e 100644 --- a/packages/ti_threatq/data_stream/threat/sample_event.json +++ b/packages/ti_threatq/data_stream/threat/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "394964aa-5974-455c-bea7-5c0b89b470bd", diff --git a/packages/ti_threatq/docs/README.md b/packages/ti_threatq/docs/README.md index 822712d08ad..cff24c8d1b7 100644 --- a/packages/ti_threatq/docs/README.md +++ b/packages/ti_threatq/docs/README.md 
@@ -118,7 +118,7 @@ An example event for `threat` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "394964aa-5974-455c-bea7-5c0b89b470bd", diff --git a/packages/ti_threatq/manifest.yml b/packages/ti_threatq/manifest.yml index 5001710993a..4cef7a0b0d8 100644 --- a/packages/ti_threatq/manifest.yml +++ b/packages/ti_threatq/manifest.yml @@ -1,6 +1,6 @@ name: ti_threatq title: ThreatQuotient -version: 1.2.2 +version: 1.3.0 release: ga description: This Elastic integration collects threat intelligence from ThreatQuotient type: integration diff --git a/packages/tomcat/_dev/build/build.yml b/packages/tomcat/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/tomcat/_dev/build/build.yml +++ b/packages/tomcat/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/tomcat/changelog.yml b/packages/tomcat/changelog.yml index 2e4b8a0d4c6..974bff72e03 100644 --- a/packages/tomcat/changelog.yml +++ b/packages/tomcat/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/2781 - version: "1.3.1" changes: - description: Add documentation for multi-fields diff --git a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 898c24c6dcc..2c749271703 100644 --- a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json 
@@ -2,10 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078826810Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-1516-asdf: 10.251.224.219||eacommod||rci||[29/Jan/2016:6:09:59 OMST]||exercita||https://example.com/illumqui/ventore.html?min=ite#utl||vol||amremap||oremi||ntsunti||5293||https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aliqu", "tags": [ @@ -14,10 +11,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078830153Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-259-CFYZ: 10.196.153.12||sequa||abo||[12/Feb/2016:1:12:33 PST]||umqui||https://www5.example.net/mdolo/mqui.htm?sumdo=litesse#orev||pisciv||uii||umexe||estlabo||5222||https://mail.example.com/uat/eporr.jpg?byCicer=luptat#agn||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||nulapari", "tags": [ @@ -26,10 +20,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078831224Z" + "version": "8.2.0" }, "message": "February 26 20:15:08 ctetur5806.api.home %APACHETOMCAT- COOK: 10.156.194.38||gnaali||enatus||[26/Feb/2016:8:15:08 PT]||incid||https://internal.example.com/tetur/idolor.html?ntex=eius#luptat||emape||aer||lupt||tia||7019||https://www.example.com/quis/orisn.txt?anti=ofdeF#metcons||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||nul", "tags": [ 
@@ -38,10 +29,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078832137Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-1060-INDEX: 10.196.118.192||tinculp||tur||[12/Mar/2016:3:17:42 CT]||equat||https://www5.example.org/nci/ofdeFin.gif?amco=exe#iatu||ionofde||con||uia||quiavo||1156||https://mail.example.com/consec/taliquip.html?radip=tNequ#gelit||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||tconsec", "tags": [ @@ -50,10 +38,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078833057Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4141-BADMTHD: 10.246.209.145||oluptas||llu||[26/Mar/2016:10:20:16 GMT+02:00]||ommod||https://internal.example.com/aqui/radipis.jpg?llumd=enatuse#magn||equuntu||eos||enimad||rmagni||1998||https://internal.example.net/onev/tenima.jpg?seq=olorema#ccaecat||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||fug", "tags": [ @@ -62,10 +47,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078833945Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-2964-BADMETHOD: 10.114.191.225||uian||tempo||[09/Apr/2016:5:22:51 PST]||exercit||https://internal.example.com/omnis/antium.txt?lupta=iusmodt#doloreeu||pori||occ||ect||reetdolo||2770||https://www5.example.org/uiano/mrema.htm?anim=autfugi#inBCSedu||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||tanimi", "tags": [ 
@@ -74,10 +56,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078834809Z" + "version": "8.2.0" }, "message": "April 24 00:25:25 erep2696.www.home %APACHETOMCAT- INDEX: 10.38.77.13||aquaeab||liqu||[24/Apr/2016:12:25:25 PT]||ehend||https://www5.example.net/uidolore/niamqu.gif?iat=tevelit#nsequat||loremagn||ipis||gelits||tatevel||3856||https://api.example.com/uovol/dmi.txt?quunt=ptat#ore||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||tsed", "tags": [ @@ -86,10 +65,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078835670Z" + "version": "8.2.0" }, "message": "May 8 07:27:59 mUt2398.invalid %APACHETOMCAT- DEBUG: 10.11.201.109||boree||ugits||[08/May/2016:7:27:59 CEST]||iinea||https://www.example.org/idexea/riat.txt?tvol=moll#tatione||inB||deomni||tquovol||ntsuntin||3341||https://mail.example.org/imav/ididu.htm?tion=orsitame#quiratio||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||iam", "tags": [ @@ -98,10 +74,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078836523Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-3097-BADMTHD: 10.182.166.181||apariat||mol||[22/May/2016:2:30:33 CT]||olupta||https://api.example.org/toccae/tatno.gif?taliqu=temUten#ccusan||iqu||ollit||usan||aper||5529||https://example.org/uaera/sitas.txt?aedic=atquovo#iumto||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||mquaera", "tags": [ 
@@ -110,10 +83,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078837386Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-6283-null: 10.185.126.247||vel||quu||[05/Jun/2016:9:33:08 OMST]||avol||https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq||metcon||smo||litessec||emporinc||5075||https://internal.example.com/atcu/oremagna.jpg?remipsum=liq#ist||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||caecatc", "tags": [ @@ -122,10 +92,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078838275Z" + "version": "8.2.0" }, "message": "June 20 04:35:42 siuta2896.www.localhost %APACHETOMCAT- SEARCH: 10.72.114.23||enia||nsequu||[20/Jun/2016:4:35:42 PST]||rsint||https://example.com/idestla/Nemoeni.htm?taed=lup#remeumf||antiumto||strude||ctetura||usmod||1640||https://mail.example.net/lor/fugit.jpg?rsitamet=lupt#xea||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||orain", "tags": [ @@ -134,10 +101,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078839324Z" + "version": "8.2.0" }, "message": "July 4 11:38:16 oin6316.www5.host %APACHETOMCAT- TRACE: 10.129.241.147||lores||lapariat||[04/Jul/2016:11:38:16 PST]||etc||https://example.net/nimadmin/ditautfu.html?lpa=entsu#dun||onproide||luptat||itaut||imaven||152||https://internal.example.net/onproide/Nemoen.gif?pitla=ccu#urE||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||inculpaq", "tags": [ 
@@ -146,10 +110,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078840200Z" + "version": "8.2.0" }, "message": "July 18 18:40:50 tionemu7691.www.local %APACHETOMCAT- BDMTHD: 10.185.101.76||errorsi||des||[18/Jul/2016:6:40:50 GMT+02:00]||stl||https://www5.example.com/ono/stru.jpg?emaperi=tame#tinvol||tectobe||colabor||iusmodt||etdolo||3768||https://internal.example.net/ommod/sequatur.txt?tlabo=suntexp#ugiatnu||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||itecto", "tags": [ @@ -158,10 +119,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078841073Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-3217-GET: 10.57.170.140||nsec||onse||[02/Aug/2016:1:43:25 OMST]||inibusBo||https://example.net/tion/eataev.htm?uiineavo=tisetq#irati||ici||giatquov||eritquii||dexeac||3088||https://www.example.org/oreseos/uames.txt?msequi=isnostru#iquaUten||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||iadese", "tags": [ @@ -170,10 +128,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078841945Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-1109-PUT: 10.33.153.47||hil||atquovo||[16/Aug/2016:8:45:59 GMT+02:00]||iineavo||https://internal.example.com/isno/taliq.htm?nnu=dolo#Loremip||idolor||emeumfu||CSed||lupt||6136||https://internal.example.net/quip/mporain.txt?uatD=iunt#temveleu||Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||tio", "tags": [ 
@@ -182,10 +137,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078842847Z" + "version": "8.2.0" }, "message": "August 30 15:48:33 conse2991.internal.lan %APACHETOMCAT- FGET: 10.116.104.101||gnam||tat||[30/Aug/2016:3:48:33 CET]||lumqui||https://internal.example.net/mdolore/rQuisau.gif?iavolu=den#tutla||olorema||iades||siarchi||datatn||5076||https://internal.example.net/mipsumd/eFinib.jpg?remi=saute#ercit||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||remagn", "tags": [ @@ -194,10 +146,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078843866Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-3361-null: 10.202.194.67||samvolu||ittenbyC||[13/Sep/2016:10:51:07 ET]||eirure||https://internal.example.com/oidentsu/atiset.jpg?ntor=lpaqui#sitame||iadese||nsectet||utla||utei||2716||https://example.com/tlabori/oin.jpg?quisnos=ite#ationul||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||eritqu", "tags": [ @@ -206,10 +155,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078844745Z" + "version": "8.2.0" }, "message": "September 28 05:53:42 wri2784.api.domain %APACHETOMCAT- PUT: 10.153.111.103||itquiin||modocon||[28/Sep/2016:5:53:42 PST]||taevit||https://www5.example.com/etconse/tincu.txt?lit=asun#estia||eaq||occae||ctetura||labore||4621||https://www.example.com/adeseru/emoe.html?atur=itanimi#itame||Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30||rehender", "tags": [ 
@@ -218,10 +164,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078845614Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-1637-DETECT_METHOD_TYPE: 10.52.186.29||equat||doloreme||[12/Oct/2016:12:56:16 GMT+02:00]||ione||https://www5.example.org/eriamea/amre.htm?magni=pisciv#iquidex||radipisc||tmo||fficiade||uscipit||4168||https://internal.example.net/oru/temqu.htm?etMalor=ipi#reseos||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mcolab", "tags": [ @@ -230,10 +173,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078846482Z" + "version": "8.2.0" }, "message": "October 26 19:58:50 oquisqu2937.mail.domain %APACHETOMCAT- BDMTHD: 10.209.182.237||tper||olor||[26/Oct/2016:7:58:50 GMT-07:00]||osqui||https://www.example.org/iutali/fdeFi.jpg?liquide=etdol#uela||boN||eprehend||aevit||aboN||3423||https://example.net/tlabo/uames.gif?mpo=offi#giatnu||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||lor", "tags": [ @@ -242,10 +182,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078847365Z" + "version": "8.2.0" }, "message": "November 10 03:01:24 dolore1287.internal.lan %APACHETOMCAT- CFYZ: 10.63.194.87||quisno||sin||[10/Nov/2016:3:01:24 CT]||aliquam||https://mail.example.net/itatione/isnis.html?oluptate=issus#osamn||isnisiu||bore||tsu||tcons||3128||https://api.example.org/lorinre/olorsita.gif?idata=rumwritt#magnid||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||dol", "tags": [ 
@@ -254,10 +191,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078848252Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4307-TRACE: 10.62.191.18||tevelite||orporiss||[24/Nov/2016:10:03:59 OMST]||tlabo||https://www.example.org/emvel/tmollita.htm?numqua=veni#eveli||eroi||dtemp||aliquide||ofde||4940||https://www5.example.org/maven/hende.jpg?labor=didunt#uptatema||Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||udan", "tags": [ @@ -266,10 +200,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078849117Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-6040-CFYZ: 10.238.164.29||aturQui||utlabor||[08/Dec/2016:5:06:33 ET]||temvel||https://example.net/nisi/dant.txt?ecte=tinvolu#iurer||iciadese||quidolor||tessec||olupta||2660||https://example.org/idolor/uisau.jpg?llumdolo=nre#ercitat||Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||uiinea", "tags": [ @@ -278,10 +209,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078850125Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-1612-SEARCH: 10.155.230.17||eni||ionevo||[23/Dec/2016:12:09:07 CT]||Ute||https://internal.example.com/sintocc/tlabor.txt?tDuisaut=oinBC#quameius||ipsumdol||tet||etdo||urerepr||4674||https://example.com/tetu/stru.htm?tlabore=Exc#pora||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||uteirure", "tags": [ 
@@ -290,10 +218,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078851058Z" + "version": "8.2.0" }, "message": "January 6 07:11:41 ide2767.www5.local %APACHETOMCAT- RNDMMTD: 10.102.229.102||nnum||tenbyCi||[06/Jan/2017:7:11:41 PST]||tco||https://example.net/officiad/itam.html?madmi=tur#roi||niamqui||orem||sno||atno||5263||https://mail.example.net/ntocca/ostru.txt?quiavol=rrorsi#temquiav||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||sec", "tags": [ @@ -302,10 +227,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078856698Z" + "version": "8.2.0" }, "message": "January 20 14:14:16 sBon1759.invalid %APACHETOMCAT- HEAD: 10.194.14.7||ten||vita||[20/Jan/2017:2:14:16 OMST]||ullamcor||https://mail.example.org/tor/qui.txt?eavolup=fugiatn#docon||etconsec||ios||evolu||ersp||3536||https://www5.example.org/sauteiru/mod.gif?tes=mquame#nihilmol||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||orain", "tags": [ @@ -314,10 +236,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078857704Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-6113-get: 10.99.0.226||madmi||uidol||[03/Feb/2017:9:16:50 ET]||quameius||https://api.example.net/roid/inibusB.jpg?Nemoenim=squirati#Sedutp||utp||ema||rsitv||iciade||5649||https://example.com/lup/tatemUt.html?upida=tvolupt#eufugi||Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36||uredol", "tags": [ 
@@ -326,10 +245,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078858573Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-6945-DETECT_METHOD_TYPE: 10.107.174.213||tenimad||minimav||[18/Feb/2017:4:19:24 OMST]||taedicta||https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut||uamni||ctet||ati||uine||2438||https://api.example.org/loreme/untu.htm?ven=con#nisist||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||ium", "tags": [ @@ -338,10 +254,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078859446Z" + "version": "8.2.0" }, "message": "March 4 11:21:59 idunt4707.host %APACHETOMCAT- ABCD: 10.84.25.23||laudant||isnost||[04/Mar/2017:11:21:59 CET]||rQuisau||https://mail.example.org/iscinge/ofdeFini.jpg?molli=velitse#oditem||gitsedqu||borios||rsitvolu||quam||5315||https://www.example.org/ineavo/pexe.htm?iadolor=amcol#adeser||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||gitsed", "tags": [ @@ -350,10 +263,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078860329Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4367-uGET: 10.193.143.108||idolo||luptate||[18/Mar/2017:6:24:33 PT]||atisun||https://www.example.org/epre/tobeata.html?quia=iduntu#idestlab||rnatur||ofdeFin||essequam||acommo||3105||https://api.example.com/cusant/atemq.gif?itecto=reetdol#totamre||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||ercita", "tags": [ 
@@ -362,10 +272,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078861270Z" + "version": "8.2.0" }, "message": "April 2 01:27:07 emquia1497.www5.lan %APACHETOMCAT- INDEX: 10.190.51.22||uamei||siut||[02/Apr/2017:1:27:07 CT]||uisa||https://example.com/mexe/its.htm?ice=oles#edic||seq||tutlab||sau||atevelit||2450||https://example.org/aperia/ccaeca.gif?ttenby=boris#stenatu||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||orumSe", "tags": [ @@ -374,10 +281,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078862131Z" + "version": "8.2.0" }, "message": "April 16 08:29:41 riat3854.www5.home %APACHETOMCAT- BADMETHOD: 10.194.90.130||siut||tconsect||[16/Apr/2017:8:29:41 PT]||piscinge||https://www.example.com/velitess/naali.htm?nre=veli#volupta||rnatu||elitse||ima||quasia||2382||https://www5.example.com/quamqua/eacommod.html?iumdol=tpersp#stla||mobmail android 2.1.3.3150||sequamni", "tags": [ @@ -386,10 +290,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078863022Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-6198-BDMTHD: 10.10.213.83||nea||psum||[30/Apr/2017:3:32:16 OMST]||ncididun||https://www.example.org/xeacomm/cinge.txt?apariat=vitaedi#lorsita||dolore||uptate||quidexea||ect||23||https://internal.example.com/ate/odoconse.jpg?quatu=veli#tenim||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||labo", "tags": [ 
@@ -398,10 +299,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078863889Z" + "version": "8.2.0" }, "message": "May 14 22:34:50 aboreetd5461.host %APACHETOMCAT- uGET: 10.52.125.9||hit||urv||[14/May/2017:10:34:50 ET]||nimid||https://api.example.org/texpli/exeacom.jpg?rita=esseci#tametcon||liqua||mvele||isis||uasiar||2552||https://mail.example.net/loremqu/dantium.htm?teirured=onemulla#dolorem||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||rauto", "tags": [ @@ -410,10 +308,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078864914Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-5770-RNDMMTD: 10.19.17.202||nby||mve||[29/May/2017:5:37:24 PT]||isau||https://api.example.net/ibusBon/ven.gif?nsequat=doloreme#dun||reprehe||tincu||suntin||itse||814||https://www5.example.org/intocc/amcorp.html?ssecillu=liqua#olo||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aec", "tags": [ @@ -422,10 +317,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078865841Z" + "version": "8.2.0" }, "message": "June 12 12:39:58 iquidexe304.mail.test %APACHETOMCAT- RNDMMTD: 10.195.64.5||oreetd||uat||[12/Jun/2017:12:39:58 PT]||moenimi||https://mail.example.org/oconsequ/edquiac.gif?preh=ercit#etMal||qua||rsita||ate||ipsamvo||344||https://api.example.com/tdol/upt.htm?asper=idunt#luptat||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||ica", "tags": [ 
@@ -434,10 +326,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078866761Z" + "version": "8.2.0" }, "message": "June 26 19:42:33 remips4828.www5.host %APACHETOMCAT- POST: 10.209.77.194||tvolup||itesseq||[26/Jun/2017:7:42:33 OMST]||snost||https://internal.example.com/llamc/nte.htm?utali=porinc#tetur||xce||dat||aincidu||nimadmin||4843||https://mail.example.com/eumfugi/etdolor.htm?dic=cola#amcor||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||elites", "tags": [ @@ -446,10 +335,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078867688Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-1952-MKCOL: 10.168.6.90||rem||amvolupt||[11/Jul/2017:2:45:07 GMT+02:00]||atisund||https://example.net/ites/isetq.gif?nisiut=tur#avolupt||ariatur||rer||iconseq||porincid||6941||https://mail.example.org/nofd/dipisci.txt?ilmol=eri#quunt||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||tae", "tags": [ @@ -458,10 +344,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078868610Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-7717-rndmmtd: 10.89.137.238||plica||ore||[25/Jul/2017:9:47:41 OMST]||emqu||https://mail.example.com/acommod/itsedd.html?admin=stenatu#inibu||est||uptatemU||leumiu||tla||4765||https://api.example.org/isa/niamqui.jpg?dqu=pid#rExc||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||erun", "tags": [ 
@@ -470,10 +353,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078869531Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4574-OPTIONS: 10.246.61.213||ntutlabo||iusmodte||[08/Aug/2017:4:50:15 CT]||loi||https://example.org/Nequepor/eirure.htm?idid=tesse#sequat||giatquov||tconsec||miurerep||toccaec||7645||https://www5.example.net/psaqua/ullamcor.txt?qui=cupi#tame||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||orroq", "tags": [ @@ -482,10 +362,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078870449Z" + "version": "8.2.0" }, "message": "August 22 23:52:50 orin5238.host %APACHETOMCAT- MKCOL: 10.117.44.138||orem||rcit||[22/Aug/2017:11:52:50 PST]||enderit||https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo||oluptas||emvele||isnost||olorem||2760||https://www5.example.net/quunt/acommod.jpg?sit=rumSect#ita||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||aliq", "tags": [ @@ -494,10 +371,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078871371Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4801-PRONECT: 10.69.30.196||tore||elits||[06/Sep/2017:6:55:24 OMST]||ruredo||https://example.net/temUt/ptassita.gif?uamnihi=risnis#uov||itlab||urmag||omm||equ||4808||https://www.example.net/siuta/urmagn.html?uptat=idex#ptateve||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||nimveni", "tags": [ 
@@ -506,10 +380,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078872313Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-7668-BADMTHD: 10.135.91.88||ercit||eporroq||[20/Sep/2017:1:57:58 CT]||ugiatn||https://api.example.com/dictasun/abore.txt?modocon=ipsu#ntNeq||tate||urExce||asi||ectiono||2241||https://example.org/onu/liquaUte.txt?velillu=ria#atDu||Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||emq", "tags": [ @@ -518,10 +389,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078873253Z" + "version": "8.2.0" }, "message": "October 4 21:00:32 agnaaliq1829.mail.test %APACHETOMCAT- ABCD: 10.81.45.174||tin||fugitse||[04/Oct/2017:9:00:32 CEST]||liquide||https://example.net/Sedutpe/prehen.html?rcit=aecatcup#olabor||estl||erun||iruredol||incidid||7699||https://api.example.org/edquian/loremeu.gif?volupta=dmi#untexpl||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mipsamvo", "tags": [ @@ -530,10 +398,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078874196Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-3517-rndmmtd: 10.87.179.233||mnisiut||avolu||[19/Oct/2017:4:03:07 PST]||eum||https://www.example.org/umetMal/asper.htm?metcons=itasper#uae||mve||uia||iciad||lorem||6137||https://www.example.org/redol/gnaa.htm?aliquamq=dtempori#toditaut||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||dexerc", "tags": [ 
@@ -542,10 +407,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078875122Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-2669-COOK: 10.198.57.130||hitec||henderit||[02/Nov/2017:11:05:41 OMST]||perspici||https://api.example.net/mquisn/queips.gif?emUte=molestia#quir||eavolup||emip||ver||erc||294||https://example.com/iuntNequ/esseq.txt?remq=veniamq#occ||Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90||emo", "tags": [ @@ -554,10 +416,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078876050Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-494-GET: 10.218.0.197||dolor||econs||[16/Nov/2017:6:08:15 ET]||eritin||https://www.example.net/yCic/nder.jpg?itanim=nesciun#saqu||iscive||quasiar||aeab||teur||609||https://www.example.org/mol/tur.jpg?usmodi=ree#saquaea||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||eetd", "tags": [ @@ -566,10 +425,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078876985Z" + "version": "8.2.0" }, "message": "December 1 01:10:49 iatqu7310.api.home %APACHETOMCAT- get: 10.123.199.198||irured||illumqui||[01/Dec/2017:1:10:49 PST]||tionula||https://mail.example.com/ecatcupi/uamei.html?nreprehe=onse#olorem||turvel||eratv||ipsa||asuntexp||1390||https://example.com/oremquel/lmole.jpg?boNem=iumt#tsed||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||mpo", "tags": [ 
@@ -578,10 +434,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078877913Z" + "version": "8.2.0" }, "message": "December 15 08:13:24 uamnihil6127.api.domain %APACHETOMCAT- POST: 10.29.119.245||tatnon||leumiur||[15/Dec/2017:8:13:24 ET]||ore||https://internal.example.net/ection/roquisqu.html?ceroinB=nim#utaliqu||rsi||taliqui||mides||ciun||39||https://example.org/iatqu/inBCSedu.gif?urExcep=ema#suntex||Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36||anim", "tags": [ @@ -590,10 +443,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078878843Z" + "version": "8.2.0" }, "message": "December 29 15:15:58 uov1629.internal.invalid %APACHETOMCAT- DETECT_METHOD_TYPE: 10.130.175.17||quide||quaU||[29/Dec/2017:3:15:58 PT]||inimav||https://mail.example.net/iutali/itat.txt?Finibus=radi#xeacom||des||atnulapa||billo||rroqu||2170||https://www.example.org/taedi/tquido.html?etconsec=elillum#upt||Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||onsectet", "tags": [ @@ -602,10 +452,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078879877Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-5752-PROPFIND: 10.166.90.130||mdolore||eosquira||[12/Jan/2018:10:18:32 CET]||lloinven||https://mail.example.net/lmolesti/apariatu.htm?moe=msequ#uat||lupta||npr||etconsec||caboNem||1043||https://internal.example.org/litesseq/atcupida.html?tob=dolores#equamnih||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||deF", "tags": [ 
@@ -614,10 +461,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078880821Z" + "version": "8.2.0" }, "message": "January 27 05:21:06 orumw5960.www5.home %APACHETOMCAT- GET: 10.248.111.207||dolor||tiumto||[27/Jan/2018:5:21:06 GMT-07:00]||quiavol||https://api.example.org/ratv/alorum.jpg?tali=BCS#qui||ugiatquo||incidid||quin||autemv||6174||https://internal.example.org/mipsumqu/tatio.jpg?admi=onnu#olorema||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||atatnon", "tags": [ @@ -626,10 +470,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078881751Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-2940-asdf: 10.185.37.32||ame||tesseq||[10/Feb/2018:12:23:41 GMT+02:00]||tem||https://internal.example.net/gitse/ugitse.jpg?tvolup=tdolore#ventore||red||sinto||tatev||luptas||3286||https://api.example.net/aev/inrepr.gif?iadese=nisiu#imad||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||ptatem", "tags": [ @@ -638,10 +479,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078882679Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4927-SEARCH: 10.5.194.202||onproide||ntmo||[24/Feb/2018:7:26:15 CET]||riosa||https://example.org/pisc/urEx.html?rautod=olest#eataev||atcupi||atem||qui||otamr||7278||https://internal.example.com/meaque/uid.htm?tion=tobeatae#maccusa||Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||iqua", "tags": [ 
@@ -650,10 +488,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078883634Z" + "version": "8.2.0" }, "message": "March 11 02:28:49 deriti6952.mail.domain %APACHETOMCAT- PRONECT: 10.183.34.1||boree||isn||[11/Mar/2018:2:28:49 CEST]||der||https://www5.example.com/aconse/prehe.gif?diduntu=eiusmod#itation||veleum||piciatis||nes||lmolesti||1559||https://www.example.org/emaperia/Section.txt?iame=orroquis#aquio||Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30||ntmoll", "tags": [ @@ -662,10 +497,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078884566Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4472-CFYZ: 10.101.163.40||abor||nBCSe||[25/Mar/2018:9:31:24 CEST]||remips||https://mail.example.net/reetdolo/rationev.html?reetdol=uelauda#ema||odi||ptatems||runtmo||ore||3512||https://internal.example.com/undeom/emullamc.jpg?quaer=eetdo#tlab||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||liq", "tags": [ @@ -674,10 +506,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078885496Z" + "version": "8.2.0" }, "message": "April 8 16:33:58 nse3421.mail.localhost %APACHETOMCAT- uGET: 10.216.188.152||oremi||ugitsedq||[08/Apr/2018:4:33:58 ET]||atDuis||https://www5.example.com/mUteni/quira.htm?ore=tation#loinve||tatevel||iumdolo||untu||ict||2699||https://internal.example.com/riosamni/icta.gif?umetMa=imadmin#iqui||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||Nequepo", "tags": [ 
@@ -686,10 +515,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078886422Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-1033-nGET: 10.94.140.77||veniam||isnisiu||[22/Apr/2018:11:36:32 OMST]||dol||https://www5.example.org/setquas/minim.gif?tutlabor=reseosq#gna||isiutali||lumqu||onulamco||ons||5050||https://mail.example.net/unt/tass.html?tla=mquiad#CSe||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||psa", "tags": [ @@ -698,10 +524,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078887352Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4133-PUT: 10.223.205.204||lor||ccaec||[07/May/2018:6:39:06 PST]||ommo||https://www.example.com/laudanti/umiurer.txt?rsitvolu=mnisi#usmo||iamea||imaveni||uiacon||iam||7526||https://mail.example.org/oin/itseddoe.html?citati=uamei#eursinto||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||tutla", "tags": [ @@ -710,10 +533,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078888279Z" + "version": "8.2.0" }, "message": "May 21 13:41:41 tautfug689.localdomain %APACHETOMCAT- PUT: 10.85.137.156||atiset||serror||[21/May/2018:1:41:41 CEST]||isiut||https://mail.example.org/ici/nisiuta.jpg?itae=dtempo#atnula||ditautf||itametc||ori||uamqu||2804||https://example.com/quiac/sunt.gif?etdol=dolorsi#nturmag||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||Except", "tags": [ 
@@ -722,10 +542,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078889228Z" + "version": "8.2.0" }, "message": "June 4 20:44:15 totam6886.api.localhost %APACHETOMCAT- QUALYS: 10.12.54.142||trudex||liquam||[04/Jun/2018:8:44:15 PST]||lor||https://mail.example.com/eseruntm/lpaquiof.html?magnaal=uscip#umS||iciadese||riatur||oeni||dol||3000||https://www5.example.net/teturadi/ditau.gif?piscivel=hend#eacommo||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aer", "tags": [ @@ -734,10 +551,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078890152Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-3864-RNDMMTD: 10.158.6.52||dolorem||sed||[19/Jun/2018:3:46:49 OMST]||Nemoenim||https://example.net/labori/porai.gif?utali=sed#xeac||umdolors||lumdo||acom||eFini||4262||https://internal.example.org/uovol/prehend.html?eque=eufug#est||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||ntincul", "tags": [ @@ -746,10 +560,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078891082Z" + "version": "8.2.0" }, "message": "July 3 10:49:23 tquo854.api.domain %APACHETOMCAT- MKCOL: 10.195.160.182||ine||urerepre||[03/Jul/2018:10:49:23 CT]||itessequ||https://www5.example.org/orissu/fic.gif?ese=mmodoco#amni||atnul||umfugi||stquidol||Nemoenim||1325||https://example.com/tasnul/tuserr.jpg?amvo=tnul#expl||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||isau", "tags": [ 
@@ -758,10 +569,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078893485Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-6084-CONNECT: 10.20.68.117||rQuisaut||quas||[17/Jul/2018:5:51:58 ET]||metco||https://mail.example.com/iuntNeq/eddoei.jpg?sseq=eriam#pernat||udan||archi||iutaliq||urQuis||1742||https://example.net/orum/Bonoru.txt?agnamal=quei#quio||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||lamcola", "tags": [ @@ -770,10 +578,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078894426Z" + "version": "8.2.0" }, "message": "August 1 00:54:32 venia6656.api.domain %APACHETOMCAT- CONNECT: 10.94.136.235||mmod||iti||[01/Aug/2018:12:54:32 PST]||amqu||https://www5.example.com/tanimid/onpr.gif?gelitse=oremqu#idex||radip||upta||tetura||rumet||6923||https://www5.example.org/lestia/nde.jpg?pisci=sunt#texplica||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||ore", "tags": [ @@ -782,10 +587,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078895356Z" + "version": "8.2.0" }, "message": "August 15 07:57:06 veniam1216.www5.invalid %APACHETOMCAT- NCIRCLE: 10.152.11.26||expli||ugiat||[15/Aug/2018:7:57:06 GMT+02:00]||oinBCSed||https://www.example.net/ntorever/pisciv.gif?eritq=rehen#ipsamvol||elillum||veleumi||nsequatu||nula||2783||https://example.com/santi/ritati.gif?turadip=dip#idolo||Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10||aco", "tags": [ 
@@ -794,10 +596,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078896280Z" + "version": "8.2.0" }, "message": "August 29 14:59:40 runtm5729.invalid %APACHETOMCAT- PRONECT: 10.82.118.95||bore||ptate||[29/Aug/2018:2:59:40 GMT+02:00]||labo||https://www5.example.com/quu/xeac.htm?abor=oreverit#scip||Finibus||Utenimad||olupta||tau||5211||https://www5.example.com/itametco/vel.htm?rere=pta#nonn||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||met", "tags": [ @@ -806,10 +605,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078897211Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4322-id: 10.187.152.213||conse||ventor||[12/Sep/2018:10:02:15 CEST]||mag||https://www.example.net/mini/Loremip.html?tur=atnonpr#ita||amquaer||aqui||enby||lpa||3948||https://www5.example.net/iat/ffic.htm?cte=aparia#CSe||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||ugitsedq", "tags": [ @@ -818,10 +614,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078898140Z" + "version": "8.2.0" }, "message": "September 27 05:04:49 pta6012.www.local %APACHETOMCAT- uGET: 10.98.71.45||destla||fugitse||[27/Sep/2018:5:04:49 GMT+02:00]||eirur||https://www.example.net/duntutla/lamco.txt?isci=Dui#reetdo||ever||civelits||eos||ipitlabo||5440||https://internal.example.net/nonn/hite.htm?ariatur=labo#sautei||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||unt", "tags": [ 
@@ -830,10 +623,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078899070Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-5971-uGET: 10.86.123.33||ugia||meum||[11/Oct/2018:12:07:23 OMST]||doei||https://www5.example.net/tev/nre.html?occaeca=eturadip#ent||rumSecti||Utenima||olore||orumS||757||https://www5.example.org/eursint/orio.txt?iameaqu=aaliquaU#olu||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||yCiceroi", "tags": [ @@ -842,10 +632,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078900058Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-2852-FGET: 10.6.112.183||deom||oluptat||[25/Oct/2018:7:09:57 GMT-07:00]||eni||https://www5.example.net/uamnih/nseq.txt?uidolo=umdolore#dmi||tam||oremip||eufugi||dunt||6169||https://api.example.net/uidexeac/sequa.html?modoc=magnam#uinesc||Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||idatat", "tags": [ @@ -854,10 +641,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078900982Z" + "version": "8.2.0" }, "message": "November 9 02:12:32 orsi2109.internal.home %APACHETOMCAT- LOCK: 10.227.156.143||sis||idolo||[09/Nov/2018:2:12:32 CEST]||tsedquia||https://example.net/umdolor/isiu.html?mmodi=snostr#eniamqu||inimav||tatevel||midestl||nci||6587||https://www5.example.org/nvolupt/meiusm.htm?aturv=ectetura#obeataev||Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10||seq", "tags": [ 
@@ -866,10 +650,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078901913Z" + "version": "8.2.0" }, "message": "November 23 09:15:06 quaeabil2539.www5.lan %APACHETOMCAT- get: 10.124.129.248||iamqui||quide||[23/Nov/2018:9:15:06 CT]||cididun||https://example.org/ibusBo/untincu.jpg?lesti=sintocca#mipsumqu||eprehen||hilmole||sequ||sectetu||7182||https://example.net/dolor/lorumwri.htm?mquis=lab#uido||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mwrit", "tags": [ @@ -878,10 +659,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078902845Z" + "version": "8.2.0" }, "message": "December 7 16:17:40 aal1598.mail.host %APACHETOMCAT- CONNECT: 10.173.125.112||quiavolu||upta||[07/Dec/2018:4:17:40 OMST]||umtota||https://www5.example.org/magnaa/sumquiad.gif?oluptate=Duisa#consequa||eaqueip||itaedict||olorema||rep||3380||https://www5.example.net/siarc/fdeFin.jpg?tobeata=nesciun#amcolab||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||isnisiut", "tags": [ @@ -890,10 +668,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078903884Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-5227-GET: 10.37.156.140||uisnos||olores||[21/Dec/2018:11:20:14 PST]||epo||https://www.example.org/evolup/rvelil.gif?eavolup=ipsumq#evit||tno||iss||taspe||lum||5911||https://api.example.net/eturad/tDuis.htm?enimadmi=tateveli#osa||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||idolorem", "tags": [ 
@@ -902,10 +677,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078904821Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-5776-PRONECT: 10.121.225.135||ufugi||cin||[05/Jan/2019:6:22:49 ET]||byC||https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex||nse||miurere||evit||uatu||2448||https://www5.example.org/uamestqu/mpor.jpg?hender=ptatemU#seq||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||tnulapa", "tags": [ @@ -914,10 +686,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078905753Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-7708-DEBUG: 10.123.68.56||expl||olore||[19/Jan/2019:1:25:23 CEST]||dentsunt||https://www.example.org/animid/upta.jpg?onnumqua=quioff#iuntN||ipis||itautfu||nesci||tam||1206||https://mail.example.net/tetura/eeufug.txt?modt=iduntutl#rsitam||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||ntor", "tags": [ @@ -926,10 +695,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078906684Z" + "version": "8.2.0" }, "message": "February 2 20:27:57 oid218.api.invalid %APACHETOMCAT- RNDMMTD: 10.63.56.164||iquid||evo||[02/Feb/2019:8:27:57 GMT-07:00]||avolu||https://api.example.net/itesse/expl.html?prehende=lup#tpers||orsitv||temseq||uisaute||uun||4638||https://mail.example.net/nemulla/asp.html?ncul=taliq#tautfugi||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||umd", "tags": [ 
@@ -938,10 +704,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078907617Z" + "version": "8.2.0" }, "message": "February 17 03:30:32 sectetur2674.www5.test %APACHETOMCAT- HEAD: 10.62.10.137||eeufugi||deomnisi||[17/Feb/2019:3:30:32 ET]||issus||https://example.net/deritinv/evelite.html?iav=odico#rsint||itl||ttenb||olor||quiav||6648||https://example.com/eumfu/lors.gif?upidata=ici#usant||Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10||con", "tags": [ @@ -950,10 +713,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078908549Z" + "version": "8.2.0" }, "message": "March 3 10:33:06 sequatD4487.internal.localhost %APACHETOMCAT- INDEX: 10.89.154.115||oeiusmo||nimv||[03/Mar/2019:10:33:06 GMT+02:00]||tconse||https://example.org/tseddoei/teursint.htm?remagnaa=lamcolab#ceroinB||umqui||citation||temsequi||mquia||1119||https://api.example.net/iveli/conseq.htm?ercitat=taspe#yCiceroi||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||cti", "tags": [ @@ -962,10 +722,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078909486Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-4758-TRACE: 10.122.252.130||tuser||mmo||[17/Mar/2019:5:35:40 PST]||tlaboru||https://www5.example.com/ciad/ugiatqu.gif?turveli=isciv#natus||boreet||luptasnu||ento||snostr||3904||https://api.example.org/xerc/Nequep.htm?ria=beat#rro||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||uisau", "tags": [ 
@@ -974,10 +731,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078910421Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-2573-id: 10.195.152.53||ueporroq||ute||[01/Apr/2019:12:38:14 GMT-07:00]||tationu||https://api.example.com/olore/ntutlab.htm?ameaquei=gnama#esciun||tesse||olupta||isno||oluptas||5560||https://www.example.net/rinrepr/dutp.jpg?modo=uiavo#uisaut||mobmail android 2.1.3.3150||paq", "tags": [ @@ -986,10 +740,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078911374Z" + "version": "8.2.0" }, "message": "April 15 07:40:49 nul5107.www5.domain %APACHETOMCAT- ABCD: 10.9.255.204||illoin||emUtenim||[15/Apr/2019:7:40:49 CT]||uid||https://mail.example.com/rvelil/adese.htm?incidi=aedictas#rumetMa||mexerci||urEx||ditaut||ctetur||3089||https://mail.example.com/oreeu/mea.jpg?tis=oluptat#emi||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||iaeconse", "tags": [ @@ -998,10 +749,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078912333Z" + "version": "8.2.0" }, "message": "April 29 14:43:23 nimadmin5630.localdomain %APACHETOMCAT- RNDMMTD: 10.214.235.133||equ||nulapari||[29/Apr/2019:2:43:23 GMT-07:00]||tsunt||https://www.example.org/oremi/ectobeat.gif?oreeu=uasiarch#Malor||boriosa||cillumdo||ditau||moenimip||5930||https://internal.example.net/oreetd/lor.txt?etc=eturadip#nost||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||evel", "tags": [ 
@@ -1010,10 +758,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078913271Z" + "version": "8.2.0" }, "message": "May 13 21:45:57 sequuntu3563.internal.test %APACHETOMCAT- TRACE: 10.5.134.204||apari||iarchit||[13/May/2019:9:45:57 PT]||orum||https://api.example.com/orsitam/tiset.jpg?ati=rauto#doloreeu||lors||eumfu||docons||tur||3197||https://api.example.org/uasi/maveniam.html?rspicia=pitl#imi||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||taevit", "tags": [ @@ -1022,10 +767,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078914205Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-6820-SEARCH: 10.144.111.42||sumquia||vento||[28/May/2019:4:48:31 CEST]||asnu||https://example.org/rep/mveni.txt?utpers=num#ctetura||quaerat||tDuisau||aturve||ptateve||7615||https://internal.example.com/tconsect/pariat.gif?etcon=ctobeat#isi||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||lorumw", "tags": [ @@ -1034,10 +776,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078915134Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-3071-FGET: 10.122.0.80||olupt||ola||[11/Jun/2019:11:51:06 CT]||etquasia||https://example.net/adm/snostr.jpg?tec=itaspe#con||illumdo||antium||remaper||eseosq||2945||https://www.example.com/uae/ata.htm?snulap=cidu#hilmol||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||quamq", "tags": [ 
@@ -1046,10 +785,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078916072Z" + "version": "8.2.0" }, "message": "June 25 18:53:40 tdolo2150.www.example %APACHETOMCAT- ABCD: 10.165.33.19||uamqu||iusmodi||[25/Jun/2019:6:53:40 ET]||aparia||https://mail.example.com/ccusant/epteurs.htm?oidentsu=oditau#onsec||dit||namaliqu||yCic||tetura||1569||https://www.example.net/ttenb/eirure.txt?rem=exer#eeufug||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||lapari", "tags": [ @@ -1058,10 +794,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078917008Z" + "version": "8.2.0" }, "message": "July 10 01:56:14 cinge6032.api.local %APACHETOMCAT- BADMTHD: 10.87.92.17||utlabore||tamr||[10/Jul/2019:1:56:14 CT]||iutaliq||https://mail.example.org/onemul/trudexe.txt?ura=oreeufug#Quisa||quiav||ctionofd||elit||sam||6211||https://internal.example.org/unt/isni.htm?ecillum=olor#amei||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||quid", "tags": [ @@ -1070,10 +803,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078917949Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-7615-BADMETHOD: 10.51.52.203||wri||itame||[24/Jul/2019:8:58:48 ET]||dictasun||https://example.com/lorese/olupta.jpg?onsec=idestl#litani||emp||arch||non||mollit||5823||https://internal.example.org/tobeatae/ntut.gif?exe=naa#equat||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mqu", "tags": [ 
@@ -1082,10 +812,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078918881Z" + "version": "8.2.0" }, "message": "August 7 16:01:23 ende6053.local %APACHETOMCAT- rndmmtd: 10.0.211.86||rsp||imipsa||[07/Aug/2019:4:01:23 CEST]||int||https://internal.example.net/llitani/uscipit.html?etcons=etco#iuntN||utfugi||ursintoc||tio||mmodicon||6776||https://internal.example.net/tvol/lup.gif?ollita=qua#ionula||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||cusa", "tags": [ @@ -1094,10 +821,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078919812Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-264-OPTIONS: 10.106.34.244||eumiu||nim||[21/Aug/2019:11:03:57 PST]||rehen||https://mail.example.net/ptat/mipsu.htm?eturadip=amquaera#rsitamet||leumiur||ssequamn||ave||taliqui||3714||https://example.net/undeomn/ape.jpg?amco=ons#onsecte||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||atquo", "tags": [ @@ -1106,10 +830,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078920743Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-2943-nGET: 10.191.210.188||inculpa||ruredol||[05/Sep/2019:6:06:31 OMST]||ipit||https://www.example.org/quae/periam.html?emoenimi=iquipex#mqu||onorume||abill||ametcon||ofdeFini||7052||https://example.net/tionev/uasiarch.html?qui=ehender#equa||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||nimides", "tags": [ 
@@ -1118,10 +839,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078921673Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-6165-BDMTHD: 10.2.38.49||asiarc||lor||[19/Sep/2019:1:09:05 GMT+02:00]||snula||https://www.example.com/bori/dipi.gif?utf=dolor#dexe||nemul||Duis||lupt||quatur||5775||https://www.example.org/ipsa/con.gif?uianonnu=tatiset#quira||mobmail android 2.1.3.3150||aea", "tags": [ @@ -1130,10 +848,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078922604Z" + "version": "8.2.0" }, "message": "October 3 20:11:40 didun1193.example %APACHETOMCAT- id: 10.66.92.90||orumwri||atisu||[03/Oct/2019:8:11:40 PST]||tse||https://example.com/iat/tqui.gif?utaliqui=emse#emqui||cipitla||tlab||vel||ionevo||4580||https://mail.example.com/volupta/umfu.gif?tisetq=tDuisaut#dolo||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||samvol", "tags": [ @@ -1142,10 +857,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078923534Z" + "version": "8.2.0" }, "message": "October 18 03:14:14 apari2660.www5.lan %APACHETOMCAT- BADMTHD: 10.97.108.108||fficiad||teirured||[18/Oct/2019:3:14:14 PST]||sistena||https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost||sequines||olor||sequa||lorum||7649||https://mail.example.com/Sedut/tatis.gif?reeufugi=sequines#minimve||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||toditau", "tags": [ 
@@ -1154,10 +866,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078924489Z" + "version": "8.2.0" }, "message": "November 1 10:16:48 nvolupta238.www.host %APACHETOMCAT- COOK: 10.147.147.248||onpr||uira||[01/Nov/2019:10:16:48 CET]||ptatev||https://api.example.net/uiaco/aliqu.txt?udexerci=uae#imveni||econ||aborio||rve||catcup||177||https://www5.example.org/busBon/norumetM.jpg?vitaedi=rna#cons||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||lupta", "tags": [ @@ -1166,10 +875,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078925450Z" + "version": "8.2.0" }, "message": "November 15 17:19:22 icer123.mail.example %APACHETOMCAT- NCIRCLE: 10.152.190.61||imvenia||culp||[15/Nov/2019:5:19:22 GMT-07:00]||nesciu||https://www.example.org/roinBCSe/eetdolor.html?tla=iaconseq#sed||sedd||atione||tvolup||oremeu||6708||https://api.example.com/dan/pta.html?oNem=itaedict#eroi||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||uptateve", "tags": [ @@ -1178,10 +884,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078926387Z" + "version": "8.2.0" }, "message": "November 30 00:21:57 lumqui6488.api.example %APACHETOMCAT- DETECT_METHOD_TYPE: 10.129.232.105||des||deFini||[30/Nov/2019:12:21:57 GMT-07:00]||aliquaU||https://www.example.net/tvolu/imve.txt?gnaaliq=quam#deriti||edictasu||eturadi||umS||noru||5321||https://api.example.org/taevitae/tevel.htm?vol=ita#iquipexe||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||quamqua", "tags": [ 
@@ -1190,10 +893,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T13:05:27.078927311Z" + "version": "8.2.0" }, "message": "%APACHETOMCAT-5473-TRACE: 10.12.173.112||Excepteu||mco||[14/Dec/2019:7:24:31 PT]||undeom||https://internal.example.org/teturadi/radipi.gif?upidatat=mod#niamqui||litsedd||nidol||inBC||hite||423||https://api.example.net/dminimve/remips.txt?uiac=tquii#tesse||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||emeumfu", "tags": [ diff --git a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml index bd45092f915..2acd0481e2d 100644 --- a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -2,13 +2,9 @@ description: Pipeline for Apache Tomcat processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/tomcat/data_stream/log/sample_event.json b/packages/tomcat/data_stream/log/sample_event.json index 65e69b7e783..638afcab0c2 100644 --- a/packages/tomcat/data_stream/log/sample_event.json +++ b/packages/tomcat/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/tomcat/manifest.yml b/packages/tomcat/manifest.yml index 74bad2409ff..a87e45debf7 100644 --- a/packages/tomcat/manifest.yml +++ b/packages/tomcat/manifest.yml 
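Review bot: The removal of the `set` processor for `event.ingested` in `packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml` is not explained in the hunk, and the new `processors:` list carries no hint that the field is now expected to come from elsewhere; presumably the Fleet final pipeline populates it, but nothing visible here confirms that. Since `event.ingested` is the timestamp that ingest-time lookback (for example detection-rule scheduling) typically keys on, a silent dependency on the surrounding stack is worth stating in the file: `# event.ingested is intentionally not set here; it is expected to be populated by the Fleet final pipeline (verify when this pipeline is run outside Fleet, e.g. in pipeline tests).` The updated expected-test fixtures above drop `event.ingested` consistently, so the tests will not catch a deployment where the field ends up missing. The `processors:` list continues outside the hunk.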
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: tomcat title: Apache Tomcat -version: 1.3.1 +version: 1.4.0 description: Collect and parse logs from Apache Tomcat servers with Elastic Agent. categories: ["web", "security"] release: ga diff --git a/packages/udp/_dev/build/build.yml b/packages/udp/_dev/build/build.yml index 08d85edcf9a..d61527283ec 100644 --- a/packages/udp/_dev/build/build.yml +++ b/packages/udp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.12 + reference: git@8.2 diff --git a/packages/udp/changelog.yml b/packages/udp/changelog.yml index 75c95325622..0e0a0400587 100644 --- a/packages/udp/changelog.yml +++ b/packages/udp/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.1.0" + changes: + - description: Update ECS to 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2781 - version: "1.0.1" changes: - description: Fixing typo in manifest for listen address diff --git a/packages/udp/data_stream/generic/sample_event.json b/packages/udp/data_stream/generic/sample_event.json index 5313c82a42d..a3ea74519ee 100644 --- a/packages/udp/data_stream/generic/sample_event.json +++ b/packages/udp/data_stream/generic/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "1.11.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c979ad84-c568-4e38-81eb-76da479696a1", diff --git a/packages/udp/manifest.yml b/packages/udp/manifest.yml index b9a5924764f..313aaa0808e 100644 --- a/packages/udp/manifest.yml +++ b/packages/udp/manifest.yml @@ -3,7 +3,7 @@ name: udp title: Custom UDP Logs description: Collect raw UDP data from listening UDP port with Elastic Agent. type: integration -version: 1.0.1 +version: 1.1.0 release: ga conditions: kibana.version: "^7.16.0 || ^8.0.0" diff --git a/packages/winlog/_dev/build/build.yml b/packages/winlog/_dev/build/build.yml index a138b554aa0..d61527283ec 100644 --- a/packages/winlog/_dev/build/build.yml +++ b/packages/winlog/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.11 + reference: git@8.2 diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index 93fa85cff7b..ab370f1b7ef 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update to ECS 8.2 (documentation reference only) + type: enhancement + link: https://github.com/elastic/integrations/pull/2781 - version: "1.4.0" changes: - description: Expose winlog input ignore_older option. diff --git a/packages/winlog/docs/README.md b/packages/winlog/docs/README.md index 942ad4797a2..34329c54271 100644 --- a/packages/winlog/docs/README.md +++ b/packages/winlog/docs/README.md 
@@ -34,7 +34,7 @@ To achieve this, `renderXml` needs to be set to `1` in your [inputs.conf](https: | event.module | Event module | constant_keyword | | input.type | Type of Filebeat input. | keyword | | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | tags | User defined tags | keyword | | winlog.activity_id | A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. | keyword | | winlog.api | The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. The Event Logging API was designed for Windows Server 2003 or Windows 2000 operating systems. In Windows Vista, the event logging infrastructure was redesigned. On Windows Vista or later operating systems, the Windows Event Log API is used. Winlogbeat automatically detects which API to use for reading event logs. | keyword | 
diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml index 32c6341ccc4..15f5a35950c 100644 --- a/packages/winlog/manifest.yml +++ b/packages/winlog/manifest.yml @@ -3,7 +3,7 @@ name: winlog title: Custom Windows Event Logs description: Collect and parse logs from any Windows event log channel with Elastic Agent. type: integration -version: 1.4.0 +version: 1.5.0 release: ga conditions: kibana.version: '^7.16.0 || ^8.0.0' diff --git a/packages/zeek/_dev/build/build.yml b/packages/zeek/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/zeek/_dev/build/build.yml +++ b/packages/zeek/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index 8a07ef68600..15d2b827917 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2781 - version: "1.6.1" changes: - description: Add documentation for multi-fields diff --git a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json index 1eb9790f2c9..3fc3bf2d6b9 100644 --- a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json +++ b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-09-10T16:19:28.465Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -27,7 +27,7 @@ { "@timestamp": "2021-03-30T00:04:00.941Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", 
@@ -51,7 +51,7 @@
 {
 "@timestamp": "2021-03-30T00:19:00.942Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -75,7 +75,7 @@
 {
 "@timestamp": "2021-03-30T00:34:00.942Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -99,7 +99,7 @@
 {
 "@timestamp": "2021-03-30T00:49:00.942Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -123,7 +123,7 @@
 {
 "@timestamp": "2019-09-10T16:19:28.465Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
diff --git a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml
index 4f050212bc3..64ee568df74 100644
--- a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml
@@ -23,7 +23,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - date:
 field: zeek.capture_loss.ts
 formats:
diff --git a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json
index f7e976dc252..fa7c6801da2 100644
--- a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json
+++ b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json
@@ -10,7 +10,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -91,7 +91,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -172,7 +172,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -269,7 +269,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -349,7 +349,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -427,7 +427,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -506,7 +506,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -585,7 +585,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -646,7 +646,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -708,7 +708,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -770,7 +770,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -832,7 +832,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -894,7 +894,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -956,7 +956,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -1016,7 +1016,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -1076,7 +1076,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -1154,7 +1154,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -1242,7 +1242,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml
index 4a2c9d8f4e6..bba287f0884 100644
--- a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml
@@ -24,7 +24,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json
index de4913accca..084ae9146cc 100644
--- a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json
+++ b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json
@@ -8,7 +8,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "BrowserrQueryOtherDomains",
@@ -62,7 +62,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "BrowserrQueryOtherDomains",
diff --git a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml
index 74797bf26bc..23954cb743a 100644
--- a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json
index d53a5fe77a0..a35dfa2601d 100644
--- a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json
+++ b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json
@@ -11,7 +11,7 @@
 "port": 67
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -91,7 +91,7 @@
 "port": 67
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -165,7 +165,7 @@
 "port": 67
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml
index 41cc6b2c024..ab1f20f072e 100644
--- a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml
@@ -23,7 +23,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json
index dbc76b0f343..5d4153b6fb5 100644
--- a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json
+++ b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json
@@ -8,7 +8,7 @@
 "port": 20000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "read",
@@ -60,7 +60,7 @@
 "port": 20000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "read",
diff --git a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml
index 1fad80a0b1b..cee9af148cc 100644
--- a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
index 701e4de02dc..e3787ffdd3e 100644
--- a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
+++ b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
@@ -42,7 +42,7 @@
 "type": "answer"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -125,7 +125,7 @@
 "type": "query"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -201,7 +201,7 @@
 "type": "answer"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -297,7 +297,7 @@
 "type": "answer"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -395,7 +395,7 @@
 "type": "answer"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -534,7 +534,7 @@
 "type": "answer"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -650,7 +650,7 @@
 "type": "answer"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -734,7 +734,7 @@
 "type": "answer"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
index 3d9df3f54d9..b644e013216 100644
--- a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json
index 93bfa45f684..f694dd8452c 100644
--- a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json
+++ b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json
@@ -8,7 +8,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -57,7 +57,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml
index 8bf55b4fe05..7b6b01f0cf7 100644
--- a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json
index 64a33a105ba..39f0e41e495 100644
--- a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json
+++ b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json
@@ -6,7 +6,7 @@
 "ip": "10.178.98.102"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -78,7 +78,7 @@
 "ip": "10.178.98.102"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -150,7 +150,7 @@
 "ip": "10.178.98.102"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -222,7 +222,7 @@
 "ip": "10.156.0.2"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -298,7 +298,7 @@
 "ip": "10.156.0.2"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -374,7 +374,7 @@
 "ip": "10.156.0.2"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -450,7 +450,7 @@
 "ip": "10.156.0.2"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -522,7 +522,7 @@
 "ip": "10.156.0.2"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -598,7 +598,7 @@
 "ip": "10.178.98.102"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml
index de77b603d21..ab428a1072f 100644
--- a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: file
diff --git a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json
index bbd96f4dade..1713c7838ac 100644
--- a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json
+++ b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json
@@ -8,7 +8,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "EPSV",
@@ -77,7 +77,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "RETR",
@@ -144,7 +144,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "STOR",
@@ -208,7 +208,7 @@
 "port": 21
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "STOR",
diff --git a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml
index fe0fd2315e1..d9c6c67abe8 100644
--- a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json
index a46917c6e81..37e5108ea62 100644
--- a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json
+++ b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json
@@ -26,7 +26,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GET",
@@ -138,7 +138,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GET",
@@ -244,7 +244,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -335,7 +335,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -426,7 +426,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -517,7 +517,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -608,7 +608,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -699,7 +699,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GET",
@@ -795,7 +795,7 @@
 "port": 7000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GET",
diff --git a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml
index d9935a8e86e..6890b37b9d5 100644
--- a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json
index 82e24747309..180e91ec47e 100644
--- a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json
+++ b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json
@@ -26,7 +26,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -98,7 +98,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml
index 35669d8b035..9b6de052b23 100644
--- a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: enrichment
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: threat
diff --git a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json
index 23551e54618..d8e4017f44b 100644
--- a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json
+++ b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json
@@ -26,7 +26,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "USER",
@@ -97,7 +97,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "NICK",
@@ -174,7 +174,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "JOIN",
@@ -252,7 +252,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "JOIN",
diff --git a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml
index 88ca30b5a9e..7dab55e0643 100644
--- a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json
index 70db7c353b4..9a5830a6bdd 100644
--- a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json
+++ b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json
@@ -11,7 +11,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "TGS",
@@ -117,7 +117,7 @@
 "port": 88
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "TGS",
diff --git a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml
index 9984fe00f2a..65cb1102323 100644
--- a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json
index eefa6c3b2fd..b2ab760d806 100644
--- a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json
+++ b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json
@@ -8,7 +8,7 @@
 "port": 502
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "READ_COILS",
@@ -59,7 +59,7 @@
 "port": 502
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "READ_COILS",
diff --git a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml
index a1982eae61a..eadf6392956 100644
--- a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json
index 0046c1dc382..b415e326e08 100644
--- a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json
+++ b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json
@@ -8,7 +8,7 @@
 "port": 3306
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "query",
@@ -63,7 +63,7 @@
 "port": 3306
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "query",
diff --git a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml
index b858a3408df..73cc853ac05 100644
--- a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json
index 32f95fde569..c96cacb1cc9 100644
--- a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json
+++ b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2011-11-04T19:44:35.879Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -72,7 +72,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -137,7 +137,7 @@
 {
 "@timestamp": "2021-03-30T09:49:00.958Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -194,7 +194,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -270,7 +270,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml
index 451ef44c427..0e1ff118bd8 100644
--- a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: alert
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: intrusion_detection
diff --git a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json
index 715f4d7ba2e..aee721c9b39 100644
--- a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json
+++ b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json
@@ -8,7 +8,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -74,7 +74,7 @@
 "port": 445
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml
index 8734b4f1f9a..f9a93083419 100644
--- a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json
index e940ebd4283..9dc1279df56 100644
--- a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json
+++ b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json
@@ -26,7 +26,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
@@ -122,7 +122,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml
index f909d3df7e2..4c4b978b5f2 100644
--- a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml
@@ -24,7 +24,7 @@ processors:
 copy_from: "@timestamp"
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json
index fcb0058dfdc..010d35ac4cd 100644
--- a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json
+++ b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2011-06-10T13:27:01.847Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -41,7 +41,7 @@
 {
 "@timestamp": "2011-06-08T19:46:56.100Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
@@ -76,7 +76,7 @@
 {
 "@timestamp": "2011-06-08T19:46:56.100Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "created": "2020-04-28T11:07:58.223Z",
diff --git a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml
index 59eadcc2bee..a3623d50642 100644
--- a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - set:
 field: network.transport
 value: tcp
diff --git a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json
index e70ebb6030c..38af29f3453 100644
--- a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json
+++ b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2017-10-09T16:13:19.578Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -49,7 +49,7 @@
 {
 "@timestamp": "2017-10-09T16:13:19.578Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml
index 1900d212c19..d088ca43e66 100644
--- a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: file
diff --git a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json
index 38f3fab3220..69b99e53823 100644
--- a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json
+++ b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json
@@ -8,7 +8,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -67,7 +67,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml
index 86a9ddb537e..68bc5af8ec6 100644
--- a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json
index 1688a21aac9..7d0ca13c8ef 100644
--- a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json
+++ b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json
@@ -8,7 +8,7 @@
 "port": 3389
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -65,7 +65,7 @@
 "port": 3389
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml
index 527b57a520c..0b9239802b6 100644
--- a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
 value: event
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - append:
 field: event.category
 value: network
diff --git a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json
index 909a0de91a8..3185c231ad8 100644
--- a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json
+++ b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json
@@ -8,7 +8,7 @@
 "port": 5900
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -74,7 +74,7 @@
"port": 5900
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml
index 047c7d2b505..d4a40669195 100644
--- a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json
index bfbf8c71f29..b188eddbaf3 100644
--- a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json
+++ b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json
@@ -26,7 +26,7 @@
"port": 445
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": "network",
diff --git a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml
index 8b78f90eea8..496fef99875 100644
--- a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml
@@ -24,7 +24,7 @@ processors:
copy_from: "@timestamp"
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- set:
field: event.kind
value: alert
diff --git a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json
index 6f84a12696a..ea6626fbd25 100644
--- a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json
+++ b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json
@@ -26,7 +26,7 @@
"port": 5060
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "REGISTER",
@@ -126,7 +126,7 @@
"port": 5060
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "INVITE",
@@ -245,7 +245,7 @@
"port": 5060
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "REGISTER",
@@ -343,7 +343,7 @@
"port": 5060
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "OPTIONS",
@@ -432,7 +432,7 @@
"port": 5060
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "OPTIONS",
@@ -539,7 +539,7 @@
"port": 5060
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "REGISTER",
diff --git a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml
index 4aeab81cc2a..5715594d2bb 100644
--- a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json
index d39eef0306d..8778d4660a2 100644
--- a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json
+++ b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json
@@ -8,7 +8,7 @@
"port": 445
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "NT_CREATE_ANDX",
@@ -74,7 +74,7 @@
"port": 445
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "NT_CREATE_ANDX",
diff --git a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml
index 4d46a6854d7..95e997eaaf4 100644
--- a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json
index 2b84ded7deb..5d8dd6e1557 100644
--- a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json
+++ b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json
@@ -8,7 +8,7 @@
"port": 445
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "SMB::FILE_OPEN",
@@ -78,7 +78,7 @@
"port": 445
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "SMB::FILE_OPEN",
diff --git a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml
index 17ded4779a0..b83f7694983 100644
--- a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json
index fac4eed0592..6faab414fa3 100644
--- a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json
+++ b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json
@@ -8,7 +8,7 @@
"port": 445
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -58,7 +58,7 @@
"port": 445
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml
index 0a42d138fa5..16e5f99675a 100644
--- a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json
index 527af487fe0..0c2767f1701 100644
--- a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json
+++ b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json
@@ -8,7 +8,7 @@
"port": 25
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -68,7 +68,7 @@
"port": 25
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml
index b812255572c..bb7b23af88a 100644
--- a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json
index c6a96acc786..95d10024f49 100644
--- a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json
+++ b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json
@@ -8,7 +8,7 @@
"port": 161
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -68,7 +68,7 @@
"port": 161
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -145,7 +145,7 @@
"port": 161
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml
index e9dcf482efb..dc178f2c1f6 100644
--- a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json
index 87ca06abeb0..c3ee99484db 100644
--- a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json
+++ b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json
@@ -8,7 +8,7 @@
"port": 8080
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -66,7 +66,7 @@
"port": 8080
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml
index e01a500e8b6..2550b213faa 100644
--- a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json
index d31aded7521..87b984d74b5 100644
--- a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json
+++ b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json
@@ -8,7 +8,7 @@
"port": 22
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -72,7 +72,7 @@
"port": 22
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -143,7 +143,7 @@
"port": 22
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -214,7 +214,7 @@
"port": 22
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -285,7 +285,7 @@
"port": 22
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml
index b78c97a3bcf..514d34d1d30 100644
--- a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json
index a441e4b886b..934857aaffd 100644
--- a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json
+++ b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json
@@ -29,7 +29,7 @@
"port": 9243
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -154,7 +154,7 @@
"port": 9243
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -279,7 +279,7 @@
"port": 9243
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -404,7 +404,7 @@
"port": 443
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -468,7 +468,7 @@
"port": 443
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -548,7 +548,7 @@
"port": 443
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -628,7 +628,7 @@
"port": 443
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -726,7 +726,7 @@
"port": 443
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -800,7 +800,7 @@
"port": 443
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -898,7 +898,7 @@
"port": 9243
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml
index a784ecd8e0b..d18e3cd5a1f 100644
--- a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json
index e4190ce74de..d77fac9a811 100644
--- a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json
+++ b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json
@@ -3,7 +3,7 @@
{
"@timestamp": "2016-10-16T08:17:58.714Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"created": "2020-04-28T11:07:58.223Z",
@@ -65,7 +65,7 @@
{
"@timestamp": "2016-10-16T08:17:58.714Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"created": "2020-04-28T11:07:58.223Z",
diff --git a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml
index 2c90b966743..cbff62956ee 100644
--- a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- rename:
field: zeek.stats.mem
target_field: zeek.stats.memory
diff --git a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml
index 8cb19372511..28a9b402b81 100644
--- a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- set:
field: network.protocol
value: syslog
diff --git a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json
index 74701fb51ba..24e31991b53 100644
--- a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json
+++ b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json
@@ -25,7 +25,7 @@
"ip": "89.160.20.156"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -81,7 +81,7 @@
"ip": "89.160.20.156"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml
index 3855c34b34f..0f3451e3043 100644
--- a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
index d796e552870..4b890281863 100644
--- a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
+++ b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json
@@ -26,7 +26,7 @@
"port": 8080
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "Tunnel::DISCOVER",
@@ -104,7 +104,7 @@
"port": 8080
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": "Tunnel::DISCOVER",
diff --git a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
index 76e61e7e045..d118d8f285c 100644
--- a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json
index 2d6f7b57153..d2ed6f6ca88 100644
--- a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json
+++ b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json
@@ -8,7 +8,7 @@
"port": 53
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -48,7 +48,7 @@
{
"@timestamp": "2020-01-28T16:00:59.342Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -80,7 +80,7 @@
"port": 53
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
diff --git a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml
index b99138da6e6..7d2b1edcf35 100644
--- a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.category
value: network
diff --git a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json
index cad0575a168..8fa0a412f49 100644
--- a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json
+++ b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json
@@ -3,7 +3,7 @@
{
"@timestamp": "2018-12-03T20:00:00.143Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"created": "2020-04-28T11:07:58.223Z",
@@ -225,7 +225,7 @@
{
"@timestamp": "2018-12-03T20:00:00.143Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"created": "2020-04-28T11:07:58.223Z",
diff --git a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml
index 94d03c334e3..ddaa08d64ba 100644
--- a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml
@@ -26,7 +26,7 @@ processors:
value: event
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- append:
field: event.type
value: info
diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml
index 4a3afe82fc9..69ac9fc58e2 100644
--- a/packages/zeek/manifest.yml
+++ b/packages/zeek/manifest.yml
@@ -1,6 +1,6 @@
name: zeek
title: Zeek Logs
-version: 1.6.1
+version: 1.7.0
release: ga
description: Collect and parse logs from Zeek network security with Elastic Agent.
type: integration
diff --git a/packages/zerofox/_dev/build/build.yml b/packages/zerofox/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/zerofox/_dev/build/build.yml
+++ b/packages/zerofox/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml
index 173dacb64f2..1426081c467 100644
--- a/packages/zerofox/changelog.yml
+++ b/packages/zerofox/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
- version: "1.2.1"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json
index affd2ae9a7a..e0d30ca46fa 100644
--- a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json
+++ b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json
@@ -3,7 +3,7 @@
{
"@timestamp": "2021-04-29T18:56:51.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"rule": {
"name": "Advanced Domain Analysis - Typosquat Match",
@@ -44,7 +44,6 @@
},
"event": {
"severity": 4,
- "ingested": "2022-01-03T06:35:04.302100349Z",
"original": "{ \"alert_type\": \"search query\", \"logs\": [{ \"id\": 205171631, \"timestamp\": \"2021-04-29T18:56:52+00:00\", \"actor\": \"ZeroFox Platform Specialist\", \"subject\": \"\", \"action\": \"modify tags\" }, { \"id\": 205171630, \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\" } ], \"offending_content_url\": \"hxxp://abc.biz?entity=123456\", \"asset_term\": \"\", \"assignee\": \"\", \"entity\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, \"name\": \"Default\" } }, \"entity_term\": \"\", \"content_created_at\": \"2017-01-10T11:00:00+00:00\", \"id\": 123456789, \"protected_account\": \"\", \"severity\": 4, \"perpetrator\": { \"name\": \"Concealed\", \"display_name\": \"Concealed\", \"id\": 123456789, \"url\": \"hxxp://abc.biz?entity=123456\", \"content\": \"Variation of protected domain abc.com found: abc.biz\", \"type\": \"page\", \"timestamp\": \"2017-01-10T11:00:00+00:00\", \"network\": \"domains\" },\"rule_group_id\": 457, \"metadata\": \"{}\", \"status\": \"Open\", \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"rule_name\": \"Advanced Domain Analysis - Typosquat Match\", \"last_modified\": \"2021-04-29T18:56:52Z\", \"protected_locations\": \"\", \"darkweb_term\": \"\", \"business_network\": \"\", \"reviewed\": false, \"escalated\": false, \"network\": \"domains\", \"protected_social_object\": \"\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 38160, \"entity_account\": \"\", \"entity_email_receiver_id\": \"\", \"tags\": [], \"asset\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, 
\"name\": \"Default\" } } }",
"created": "2017-01-10T11:00:00.000Z",
"kind": "alert",
@@ -61,7 +60,7 @@
{
"@timestamp": "2021-05-06T13:50:48.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"rule": {
"name": "Mentions",
@@ -111,7 +110,6 @@
},
"event": {
"severity": 1,
- "ingested": "2022-01-03T06:35:04.302112327Z",
"original": "{\"alert_type\": \"search query\", \"logs\": [{\"id\": 206587078, \"timestamp\": \"2021-05-06T13:50:48+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"asset_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"content_created_at\": \"2021-05-06T13:29:27+00:00\", \"id\": 137814029, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 6830162495, \"username\": \"NOWMG\", \"display_name\": \"NOW Marketing Group\", \"account_number\": \"178236715\", \"destination_account_number\": \"178236715\", \"parent_post_number\": null, \"parent_post_url\": null, \"parent_post_account_number\": null, \"post_number\": \"1390297659475365894\", \"network\": \"twitter\", \"image\": \"https://pbs.twimg.com/profile_images/1356266220065009667/dTlGFDCM.jpg\", \"url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"type\": \"post\", \"post_type\": \"post\", \"timestamp\": \"2021-05-06T13:29:27+00:00\"}, \"rule_group_id\": null, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": 
\"2021-05-06T13:50:48+00:00\", \"rule_name\": \"Mentions\", \"last_modified\": \"2021-05-06T13:50:48Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, \"reviewed\": false, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": \"#darksocial\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 40816, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }",
"created": "2021-05-06T13:29:27.000Z",
"kind": "alert",
@@ -128,7 +126,7 @@
{
"@timestamp": "2021-05-05T19:22:00.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"rule": {
"name": "Impersonation - Name",
@@ -170,7 +168,6 @@
},
"event": {
"severity": 1,
- "ingested": "2022-01-03T06:35:04.302113908Z",
"original": "{\"alert_type\": \"impersonating account\", \"logs\": [{\"id\": 206433935, \"timestamp\": \"2021-05-05T19:36:38+00:00\", \"actor\": \"jedmunds@zerofox.com\", \"subject\": \"\", \"action\": \"review\"}, {\"id\": 206431230, \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"actor\": \"jedmunds@zerofox.com\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/TheDarkSocial\", \"asset_term\": null, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": null, \"content_created_at\": \"2014-08-09T16:00:16+00:00\", \"id\": 137731395, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 958871039, \"username\": \"TheDarkSocial\", \"display_name\": \"Dark Social\", \"account_number\": \"2719621658\", \"image\": \"https://pbs.twimg.com/profile_images/498137972940603392/45HEzP-B.jpeg\", \"network\": \"twitter\", \"url\": \"https://twitter.com/TheDarkSocial\", \"type\": \"account\", \"timestamp\": \"2014-08-09T16:00:16+00:00\"}, \"rule_group_id\": 4, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"jedmunds@zerofox.com\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"rule_name\": \"Impersonation - Name\", \"last_modified\": \"2021-05-05T19:36:38Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, 
\"reviewed\": true, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": null, \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 32, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }",
"created": "2014-08-09T16:00:16.000Z",
"kind": "alert",
diff --git a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
index 2bd81eec897..1f26dc9c1e0 100644
--- a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
@@ -1,13 +1,10 @@
---
description: Pipeline for parsing zerofox alerts
processors:
- ## Ingestion date and ECS version.
- - set:
- field: event.ingested
- value: '{{_ingest.timestamp}}'
+ ## ECS version.
- set:
field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"

## Event JSON decoding.
- rename:
diff --git a/packages/zerofox/manifest.yml b/packages/zerofox/manifest.yml
index 4db4444e15b..bcba3369d6f 100644
--- a/packages/zerofox/manifest.yml
+++ b/packages/zerofox/manifest.yml
@@ -1,6 +1,6 @@
name: zerofox
title: ZeroFox
-version: 1.2.1
+version: 1.3.0
release: ga
description: Collect data from ZeroFox Cloud Platform with Elastic Agent.
type: integration
diff --git a/packages/zoom/_dev/build/build.yml b/packages/zoom/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/zoom/_dev/build/build.yml
+++ b/packages/zoom/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/zoom/changelog.yml b/packages/zoom/changelog.yml
index 85bfff8799a..5e174641bf4 100644
--- a/packages/zoom/changelog.yml
+++ b/packages/zoom/changelog.yml
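Review bot: The zerofox pipeline hunk removes the `event.ingested` set processor together with the ECS bump, yet the changelog entry added for this release earlier in the diff says only `Update to ECS 8.2`, so a user whose ingest-lag or detection-latency views read `event.ingested` from this data stream gets no notice of the behaviour change. If the field is now presumably expected to be populated downstream (e.g. by a Fleet final pipeline), state that in the changelog description and keep the pointer in the pipeline header, e.g. `## ECS version. event.ingested is no longer set here; see the final pipeline.`, so the removal is traceable in both places. The same omission applies to the zoom package, whose expected test output in the following hunks also drops `event.ingested` while its changelog entry mentions only ECS. The pipeline body continues past this hunk.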
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
- version: "1.2.1"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json
index 06693cdb731..52245b2e5f7 100644
--- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json
+++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json
@@ -6,7 +6,7 @@
"vendor": "Zoom"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"related": {
"user": [
@@ -26,7 +26,6 @@
},
"event": {
"action": "account.created",
- "ingested": "2022-01-03T06:40:02.596222323Z",
"category": [
"iam"
],
@@ -54,7 +53,7 @@
},
"@timestamp": "2019-07-01T17:03:04.527Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"related": {
"user": [
@@ -78,7 +77,6 @@
},
"event": {
"action": "account.updated",
- "ingested": "2022-01-03T06:40:02.596225683Z",
"category": [
"iam"
],
@@ -109,7 +107,7 @@
"vendor": "Zoom"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"related": {
"user": [
@@ -129,7 +127,6 @@
},
"event": {
"action": "account.disassociated",
- "ingested": "2022-01-03T06:40:02.596226904Z",
"category": [
"iam"
],
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json
index 714e01639c6..803d8188705 100644
--- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json
+++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json
@@ -7,7 +7,7 @@ }, "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -29,7 +29,6 @@ }, "event": { "action": "chat_channel.created", - "ingested": "2022-01-03T06:40:03.347463176Z", "type": [ "creation" ], @@ -49,7 +48,7 @@ }, "@timestamp": "2020-02-10T21:59:05.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -68,7 +67,6 @@ }, "event": { "action": "chat_channel.updated", - "ingested": "2022-01-03T06:40:03.347466461Z", "type": [ "change" ], @@ -88,7 +86,7 @@ }, "@timestamp": "2020-02-10T21:59:05.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -107,7 +105,6 @@ }, "event": { "action": "chat_channel.deleted", - "ingested": "2022-01-03T06:40:03.347467486Z", "type": [ "deletion" ], @@ -127,7 +124,7 @@ }, "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -148,7 +145,6 @@ }, "event": { "action": "chat_channel.member_invited", - "ingested": "2022-01-03T06:40:03.347468385Z", "type": [ "user" ], @@ -168,7 +164,7 @@ }, "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -187,7 +183,6 @@ }, "event": { "action": "chat_channel.member_joined", - "ingested": "2022-01-03T06:40:03.347469285Z", "type": [ "user" ], @@ -207,7 +202,7 @@ }, "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -226,7 +221,6 @@ }, "event": { "action": "chat_channel.member_left", - "ingested": "2022-01-03T06:40:03.347470239Z", "type": [ "user" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json index f56777fa018..fe24b6ba896 100644 
--- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json @@ -7,7 +7,7 @@ }, "@timestamp": "2020-02-11T22:02:11.930Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -29,7 +29,6 @@ }, "event": { "action": "chat_message.sent", - "ingested": "2022-01-03T06:40:04.365213670Z", "type": [ "info", "creation" @@ -50,7 +49,7 @@ }, "@timestamp": "2020-02-11T23:00:08.594Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -72,7 +71,6 @@ }, "event": { "action": "chat_message.updated", - "ingested": "2022-01-03T06:40:04.365216461Z", "type": [ "info", "change" @@ -93,7 +91,7 @@ }, "@timestamp": "2020-02-11T23:00:08.594Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -114,7 +112,6 @@ }, "event": { "action": "chat_message.updated", - "ingested": "2022-01-03T06:40:04.365217486Z", "type": [ "info", "change" diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json index 927321fb540..fc4b699ee8d 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -28,7 +28,6 @@ "event": { "duration": 3600000000000, "action": "meeting.alert", - "ingested": "2022-01-03T06:40:04.898098074Z", "type": [ "error" ], @@ -46,7 +45,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -70,7 +69,6 @@ "event": { "duration": 3600000000000, "action": "meeting.created", - "ingested": "2022-01-03T06:40:04.898101204Z", "type": [ "info", "creation" 
@@ -90,7 +88,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -125,7 +123,6 @@ "event": { "duration": 7200000000000, "action": "meeting.updated", - "ingested": "2022-01-03T06:40:04.898102230Z", "type": [ "info", "change" @@ -148,7 +145,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -172,7 +169,6 @@ "event": { "duration": 3600000000000, "action": "meeting.deleted", - "ingested": "2022-01-03T06:40:04.898103149Z", "type": [ "info", "deletion" @@ -192,7 +188,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -213,7 +209,6 @@ "event": { "duration": 3600000000000, "action": "meeting.started", - "ingested": "2022-01-03T06:40:04.898104056Z", "type": [ "info", "start" @@ -232,7 +227,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -254,7 +249,6 @@ "event": { "duration": 600000000000, "action": "meeting.ended", - "ingested": "2022-01-03T06:40:04.898105035Z", "type": [ "info", "end" @@ -273,7 +267,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -302,7 +296,6 @@ "event": { "duration": 7200000000000, "action": "meeting.registration_created", - "ingested": "2022-01-03T06:40:04.898105932Z", "type": [ "info", "creation" @@ -324,7 +317,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -355,7 +348,6 @@ "event": { "duration": 3600000000000, "action": "meeting.registration_approved", - "ingested": "2022-01-03T06:40:04.898106818Z", "type": [ "info", "allowed" @@ -375,7 +367,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -404,7 +396,6 @@ "event": { "duration": 7200000000000, "action": "meeting.registration_cancelled", - "ingested": "2022-01-03T06:40:04.898107692Z", "type": [ "info" ], 
@@ -422,7 +413,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -455,7 +446,6 @@ "event": { "duration": 3600000000000, "action": "meeting.sharing_started", - "ingested": "2022-01-03T06:40:04.898108563Z", "type": [ "info", "start" @@ -475,7 +465,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -509,7 +499,6 @@ "event": { "duration": 3600000000000, "action": "meeting.sharing_ended", - "ingested": "2022-01-03T06:40:04.898109413Z", "type": [ "info", "end" @@ -529,7 +518,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -553,7 +542,6 @@ "event": { "duration": 3600000000000, "action": "meeting.participant_jbh_waiting", - "ingested": "2022-01-03T06:40:04.898110411Z", "type": [ "info" ], @@ -572,7 +560,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -596,7 +584,6 @@ "event": { "duration": 3600000000000, "action": "meeting.participant_jbh_joined", - "ingested": "2022-01-03T06:40:04.898111304Z", "type": [ "info" ], @@ -615,7 +602,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -643,7 +630,6 @@ "event": { "duration": 3600000000000, "action": "meeting.participant_joined", - "ingested": "2022-01-03T06:40:04.898112176Z", "type": [ "info" ], @@ -662,7 +648,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -690,7 +676,6 @@ "event": { "duration": 3600000000000, "action": "meeting.participant_left", - "ingested": "2022-01-03T06:40:04.898113050Z", "type": [ "info" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json index f0e50746611..aeafa9f8c7a 100644 
--- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -38,7 +38,6 @@ }, "event": { "action": "phone.caller_ringing", - "ingested": "2022-01-03T06:40:07.698973156Z", "type": [ "info", "creation" @@ -54,7 +53,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -87,7 +86,6 @@ }, "event": { "action": "phone.caller_connected", - "ingested": "2022-01-03T06:40:07.698976437Z", "type": [ "info", "start" @@ -103,7 +101,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -134,7 +132,6 @@ }, "event": { "action": "phone.caller_ringing", - "ingested": "2022-01-03T06:40:07.698977674Z", "type": [ "info", "creation" @@ -150,7 +147,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -183,7 +180,6 @@ }, "event": { "action": "phone.callee_answered", - "ingested": "2022-01-03T06:40:07.698978750Z", "type": [ "info", "start" @@ -199,7 +195,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -228,7 +224,6 @@ }, "event": { "action": "phone.callee_missed", - "ingested": "2022-01-03T06:40:07.698979777Z", "type": [ "info", "end" @@ -244,7 +239,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -274,7 +269,6 @@ }, "event": { "duration": 4000000000, - "ingested": "2022-01-03T06:40:07.698980824Z", "kind": [ "event" ], @@ -293,7 +287,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -323,7 +317,6 @@ }, "event": { "duration": 4000000000, - "ingested": "2022-01-03T06:40:07.698981864Z", "kind": [ "event" ], 
@@ -342,7 +335,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -372,7 +365,6 @@ }, "event": { "duration": 6000000000, - "ingested": "2022-01-03T06:40:07.698982956Z", "kind": [ "event" ], @@ -390,7 +382,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -424,7 +416,6 @@ }, "event": { "action": "phone.voicemail_received", - "ingested": "2022-01-03T06:40:07.698983970Z", "type": [ "info" ], @@ -448,11 +439,10 @@ "account_id": "EPebnxvbdn342MA" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "phone.caller_call_log_completed", - "ingested": "2022-01-03T06:40:07.698984999Z", "type": [ "info" ], @@ -473,11 +463,10 @@ "account_id": "EPeQt3543hvxzc" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "phone.callee_call_log_completed", - "ingested": "2022-01-03T06:40:07.698986033Z", "type": [ "info" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json index 3dd4816f3af..3673c15ed53 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -32,7 +32,6 @@ "event": { "start": "2019-07-31T22:41:02Z", "action": "recording.started", - "ingested": "2022-01-03T06:40:09.220154671Z", "type": [ "info", "start" @@ -51,7 +50,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -76,7 +75,6 @@ }, "event": { "action": "recording.paused", - "ingested": "2022-01-03T06:40:09.220157489Z", "type": [ "info", "change" 
@@ -95,7 +93,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -120,7 +118,6 @@ }, "event": { "action": "recording.resumed", - "ingested": "2022-01-03T06:40:09.220158533Z", "type": [ "info", "change" @@ -139,7 +136,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -165,7 +162,6 @@ }, "event": { "action": "recording.stopped", - "ingested": "2022-01-03T06:40:09.220159425Z", "end": "2019-07-31T22:43:29Z", "type": [ "info", @@ -185,7 +181,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -210,7 +206,6 @@ }, "event": { "action": "recording.completed", - "ingested": "2022-01-03T06:40:09.220160298Z", "type": [ "info", "end" @@ -233,7 +228,7 @@ }, "@timestamp": "2019-12-04T23:00:57.395Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -259,7 +254,6 @@ }, "event": { "action": "recording.renamed", - "ingested": "2022-01-03T06:40:09.220161167Z", "type": [ "info", "change" @@ -279,7 +273,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -303,7 +297,6 @@ }, "event": { "action": "recording.trashed", - "ingested": "2022-01-03T06:40:09.220162082Z", "type": [ "info", "deletion" @@ -325,7 +318,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -349,7 +342,6 @@ }, "event": { "action": "recording.deleted", - "ingested": "2022-01-03T06:40:09.220162948Z", "type": [ "info", "deletion" @@ -371,7 +363,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -395,7 +387,6 @@ }, "event": { "action": "recording.recovered", - "ingested": "2022-01-03T06:40:09.220163830Z", "type": [ "info", "change" @@ -417,7 +408,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -441,7 +432,6 @@ }, "event": { "action": "recording.transcript_completed", - "ingested": "2022-01-03T06:40:09.220164695Z", "type": [ "info", "end" @@ -463,7 +453,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -492,7 +482,6 @@ }, "event": { "action": "recording.registration_created", - "ingested": "2022-01-03T06:40:09.220165545Z", "type": [ "info", "creation" @@ -513,7 +502,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -542,7 +531,6 @@ }, "event": { "action": "recording.registration_approved", - "ingested": "2022-01-03T06:40:09.220166513Z", "type": [ "info", "allowed" @@ -563,7 +551,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -592,7 +580,6 @@ }, "event": { "action": "recording.registration_denied", - "ingested": "2022-01-03T06:40:09.220167387Z", "type": [ "info", "denied" diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json index e42508c9ac5..07593caa4a7 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -27,7 +27,6 @@ }, "event": { "action": "user.created", - "ingested": "2022-01-03T06:40:11.898867209Z", "category": [ "iam" ], @@ -50,7 +49,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -69,7 +68,6 @@ }, "event": { "action": "user.invitation_accepted", - "ingested": "2022-01-03T06:40:11.898870441Z", "category": [ "iam" ], @@ -93,7 +91,7 @@ }, "@timestamp": "2019-07-19T18:10:54.861Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -116,7 +114,6 @@ }, "event": { "action": "user.updated", - "ingested": "2022-01-03T06:40:11.898871440Z", "category": [ "iam" ], @@ -143,7 +140,7 @@ }, "@timestamp": "2019-07-19T21:47:06.929Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -174,7 +171,6 @@ }, "event": { "action": "user.settings_updated", - "ingested": "2022-01-03T06:40:11.898872345Z", "category": [ "configuration", "iam" @@ -202,7 +198,7 @@ }, "@timestamp": "2020-06-29T17:32:19.427Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -229,7 +225,6 @@ }, "event": { "action": "user.settings_updated", - "ingested": "2022-01-03T06:40:11.898873256Z", "category": [ "configuration", "iam" @@ -256,7 +251,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -278,7 +273,6 @@ }, "event": { "action": "user.deactivated", - "ingested": "2022-01-03T06:40:11.898874146Z", "category": [ "iam" ], @@ -306,7 +300,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -328,7 +322,6 @@ }, "event": { "action": "user.activated", - "ingested": "2022-01-03T06:40:11.898875027Z", "category": [ "iam" ], @@ -356,7 +349,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -378,7 +371,6 @@ }, "event": { "action": "user.disassociated", - "ingested": "2022-01-03T06:40:11.898875893Z", "category": [ "iam" ], @@ -406,7 +398,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -428,7 +420,6 @@ }, "event": { "action": "user.deleted", - "ingested": "2022-01-03T06:40:11.898876737Z", "category": [ "iam" ], @@ -456,7 +447,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -473,7 +464,6 @@ }, "event": { "action": "user.presence_status_updated", - "ingested": "2022-01-03T06:40:11.898880795Z", "category": [ "iam" ], 
@@ -496,7 +486,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -516,7 +506,6 @@ }, "event": { "action": "user.personal_notes_updated", - "ingested": "2022-01-03T06:40:11.898881690Z", "category": [ "iam" ], @@ -543,7 +532,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -561,7 +550,6 @@ }, "event": { "action": "user.signed_in", - "ingested": "2022-01-03T06:40:11.898882677Z", "category": [ "authentication" ], @@ -584,7 +572,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -602,7 +590,6 @@ }, "event": { "action": "user.signed_out", - "ingested": "2022-01-03T06:40:11.898883550Z", "category": [ "authentication" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json index 1f9bbf51535..bd9392fc9d2 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -30,7 +30,6 @@ }, "event": { "action": "webinar.created", - "ingested": "2022-01-03T06:40:14.393087560Z", "type": [ "info", "creation" @@ -50,7 +49,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -85,7 +84,6 @@ }, "event": { "action": "webinar.updated", - "ingested": "2022-01-03T06:40:14.393090335Z", "type": [ "info", "change" @@ -105,7 +103,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -129,7 +127,6 @@ }, "event": { "action": "webinar.deleted", - "ingested": "2022-01-03T06:40:14.393091370Z", "type": [ "info", "deletion" 
@@ -149,7 +146,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -172,7 +169,6 @@ }, "event": { "action": "webinar.started", - "ingested": "2022-01-03T06:40:14.393092276Z", "type": [ "info", "start" @@ -191,7 +187,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -214,7 +210,6 @@ }, "event": { "action": "webinar.ended", - "ingested": "2022-01-03T06:40:14.393093186Z", "type": [ "info", "end" @@ -233,7 +228,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -255,7 +250,6 @@ }, "event": { "action": "webinar.alert", - "ingested": "2022-01-03T06:40:14.393094070Z", "type": [ "error" ], @@ -270,7 +264,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -304,7 +298,6 @@ }, "event": { "action": "webinar.sharing_started", - "ingested": "2022-01-03T06:40:14.393094960Z", "type": [ "info", "start" @@ -324,7 +317,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -358,7 +351,6 @@ }, "event": { "action": "webinar.sharing_started", - "ingested": "2022-01-03T06:40:14.393095834Z", "type": [ "info", "start" @@ -378,7 +370,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -409,7 +401,6 @@ }, "event": { "action": "webinar.registration_created", - "ingested": "2022-01-03T06:40:14.393096698Z", "type": [ "info", "creation" @@ -430,7 +421,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -462,7 +453,6 @@ }, "event": { "action": "webinar.registration_approved", - "ingested": "2022-01-03T06:40:14.393097562Z", "type": [ "info", "allowed", @@ -484,7 +474,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -514,7 +504,6 @@ }, "event": { "action": "webinar.registration_denied", - "ingested": "2022-01-03T06:40:14.393098491Z", "type": [ "info", "denied", @@ -536,7 +525,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -566,7 +555,6 @@ }, "event": { "action": "webinar.registration_cancelled", - "ingested": "2022-01-03T06:40:14.393099487Z", "type": [ "info", "change" @@ -587,7 +575,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -617,7 +605,6 @@ }, "event": { "action": "webinar.participant_joined", - "ingested": "2022-01-03T06:40:14.393100395Z", "type": [ "info" ], @@ -636,7 +623,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -666,7 +653,6 @@ }, "event": { "action": "webinar.participant_left", - "ingested": "2022-01-03T06:40:14.393101278Z", "type": [ "info" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json index 61718ad9cc8..c2200868d34 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json @@ -19,11 +19,10 @@ "account_id": "EPAbcdefyZslakjflP" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "zoomroom.alert", - "ingested": "2022-01-03T06:40:16.974365045Z", "kind": [ "event" ] @@ -48,11 +47,10 @@ "account_id": "EPAbcdefyZslakjflP" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "zoomroom.delayed_alert", - "ingested": "2022-01-03T06:40:16.974368261Z", "kind": [ "event" ] 
@@ -77,11 +75,10 @@ "account_id": "vhdnmf673q2543rfhgsca" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "zoomroom.checked_in", - "ingested": "2022-01-03T06:40:16.974369327Z", "type": [ "info", "start" @@ -110,11 +107,10 @@ "account_id": "vhdnmf673q2543rfhgsca" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "zoomroom.checked_in", - "ingested": "2022-01-03T06:40:16.974370285Z", "type": [ "info", "start" diff --git a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml index 17b3fcd9493..018e6ce9f9f 100644 --- a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml @@ -7,12 +7,9 @@ processors: - set: field: observer.product value: Webhook - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: 8.0.0 + value: 8.2.0 - script: description: Drops null/empty values recursively lang: painless diff --git a/packages/zoom/manifest.yml b/packages/zoom/manifest.yml index 986522d4c1d..4b8b103e657 100644 --- a/packages/zoom/manifest.yml +++ b/packages/zoom/manifest.yml @@ -1,6 +1,6 @@ name: zoom title: Zoom -version: 1.2.1 +version: 1.3.0 release: ga description: Collect data from Zoom Platform API with Elastic Agent. type: integration diff --git a/packages/zscaler_zia/_dev/build/build.yml b/packages/zscaler_zia/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/zscaler_zia/_dev/build/build.yml +++ b/packages/zscaler_zia/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml index 77542ffe378..a977c5ffc2c 100644 --- a/packages/zscaler_zia/changelog.yml +++ b/packages/zscaler_zia/changelog.yml 
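Review bot: `value: 8.2.0` on the `ecs.version` set processor is left unquoted while every other pipeline touched by this change (zerofox, zscaler_zia, zscaler_zpa) quotes the version; `8.2.0` happens not to match a YAML float pattern, but a two-component bump such as `8.3` would be loaded as a number, so quote it defensively: `value: '8.2.0'`. The same hunk also drops the `event.ingested` set processor, yet the zoom changelog hunk in this diff describes 1.3.0 only as "Update to ECS 8.2"; if `event.ingested` is now expected from the Fleet final pipeline, that dependency deserves a changelog line and a one-line comment above the remaining set processor, e.g. `# event.ingested is set by the Fleet final pipeline.` The processors list continues past the end of the hunk.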
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update ECS to 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2781 - version: "0.1.3" changes: - description: Updated the image file reference in README file diff --git a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json index 69a341f40bb..ff32b989cb4 100644 --- a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json +++ b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json @@ -8,7 +8,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "original": "\u003c114\u003eDec 10 14:04:28 [175.16.199.1] ZscalerNSS: Zscaler cloud configuration connection to 175.16.199.1:443 lost and unavailable for the past 2325.00 minutes" @@ -41,7 +41,7 @@ "port": 9012 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "original": "\u003c114\u003eDec 10 13:40:32 [81.2.69.193] ZscalerNSS: SIEM Feed connection \"DNS Logs Feed\" to 81.2.69.193:9012 lost and unavailable for the past 2440.00 minutes" @@ -74,7 +74,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "original": "\u003c114\u003eDec 10 13:44:07 [81.2.69.193] Hey, that's a new type of alert. Isn't it?" diff --git a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 8f9acf997c5..ecf2838641e 100644 --- a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler alert logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/alerts/sample_event.json b/packages/zscaler_zia/data_stream/alerts/sample_event.json index 0749ca369ad..ee7917801a3 100644 --- a/packages/zscaler_zia/data_stream/alerts/sample_event.json +++ b/packages/zscaler_zia/data_stream/alerts/sample_event.json @@ -19,7 +19,7 @@ "port": 9012 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index 86a5cb3258d..89acc126516 100644 --- a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", diff --git a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index cbad42a808a..d6361516e52 100644 --- a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler dns logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/dns/sample_event.json b/packages/zscaler_zia/data_stream/dns/sample_event.json index 86b91a6988c..b668ffd2eca 100644 --- a/packages/zscaler_zia/data_stream/dns/sample_event.json +++ b/packages/zscaler_zia/data_stream/dns/sample_event.json 
@@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json index 89906aa930a..9deec3338d7 100644 --- a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json +++ b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json @@ -6,7 +6,7 @@ "bytes": 1734 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop", diff --git a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index f27a8cfea02..37e03b1b8d9 100644 --- a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler firewall logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/firewall/sample_event.json b/packages/zscaler_zia/data_stream/firewall/sample_event.json index d5914ddf13b..7af4124c4aa 100644 --- a/packages/zscaler_zia/data_stream/firewall/sample_event.json +++ b/packages/zscaler_zia/data_stream/firewall/sample_event.json @@ -17,7 +17,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json index 54bb7c4ed21..005d8cff8e4 100644 
--- a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json +++ b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json @@ -6,7 +6,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -93,7 +93,7 @@ "port": 500 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -156,7 +156,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "IPsec tunnel is up", diff --git a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml index a62b7ab78ee..2aa4e04f47e 100644 --- a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler tunnel logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/tunnel/sample_event.json b/packages/zscaler_zia/data_stream/tunnel/sample_event.json index eebfed78d8f..b3aa970bfcf 100644 --- a/packages/zscaler_zia/data_stream/tunnel/sample_event.json +++ b/packages/zscaler_zia/data_stream/tunnel/sample_event.json @@ -17,7 +17,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json index 843447fd7e5..60dd7bde1fd 100644 --- a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json 
+++ b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", @@ -229,7 +229,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", @@ -340,7 +340,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", @@ -451,7 +451,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", diff --git a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml index 035e7682c12..2d160638d3c 100644 --- a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler web logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/web/sample_event.json b/packages/zscaler_zia/data_stream/web/sample_event.json index 7d38b9cbfee..061a72cef5a 100644 --- a/packages/zscaler_zia/data_stream/web/sample_event.json +++ b/packages/zscaler_zia/data_stream/web/sample_event.json @@ -23,7 +23,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/docs/README.md b/packages/zscaler_zia/docs/README.md index c0373934ff3..232a1a46b12 100644 --- a/packages/zscaler_zia/docs/README.md +++ b/packages/zscaler_zia/docs/README.md 
@@ -216,7 +216,7 @@ An example event for `alerts` looks as following:
 "port": 9012
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -388,7 +388,7 @@ An example event for `dns` looks as following:
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -580,7 +580,7 @@ An example event for `firewall` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -799,7 +799,7 @@ An example event for `tunnel` looks as following:
 "ip": "81.2.69.143"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -1036,7 +1036,7 @@ An example event for `web` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml
index 333a0385796..512bcc59559 100644
--- a/packages/zscaler_zia/manifest.yml
+++ b/packages/zscaler_zia/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zia
 title: "Zscaler Internet Access"
-version: 0.1.3
+version: 0.2.0
 license: basic
 description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent.
 type: integration
diff --git a/packages/zscaler_zpa/_dev/build/build.yml b/packages/zscaler_zpa/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/zscaler_zpa/_dev/build/build.yml
+++ b/packages/zscaler_zpa/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml
index 4327b7c0da5..81523cf4d22 100644
--- a/packages/zscaler_zpa/changelog.yml
+++ b/packages/zscaler_zpa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update ECS to 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
 - version: "0.1.2"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
index b6303581762..1111bb2246e 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "package",
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
index 12f6f6975ce..ea84f5ecb96 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler app connector status logs
 processors:
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
index 709f1b74057..d54089c0742 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json
@@ -19,7 +19,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index 11a3fe01622..2bd84609931 100644
--- a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-17T04:29:38.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
@@ -63,7 +63,7 @@
 {
 "@timestamp": "2021-11-17T04:29:38.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 91496d20504..f013b24c634 100644
--- a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/audit/sample_event.json b/packages/zscaler_zpa/data_stream/audit/sample_event.json
index 76b48d8a4be..d12e0465a82 100644
--- a/packages/zscaler_zpa/data_stream/audit/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/audit/sample_event.json
@@ -14,7 +14,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
index 8ee5746be27..1657f26bfe2 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
@@ -19,7 +19,7 @@
 "port": 60006
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": [
diff --git a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
index 71d3f0032da..2cedb9ec2f0 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler browser access logs
 processors:
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
index ce40a5e7eb6..b01dbb2515f 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
@@ -30,7 +30,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "acf7dca8-817d-4681-bad3-1cc9bfefc49c",
diff --git a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
index 83e9bf7d0fa..9e6cf20d057 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
@@ -13,7 +13,7 @@
 "ip": "81.2.69.193"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "iam",
diff --git a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
index e489e89bd50..689b5a60acc 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler user activity logs
 processors:
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
index 7cb6453ce96..bbe9478dc52 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
@@ -24,7 +24,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
index 172ce6916a4..87d6daaa0a4 100644
--- a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
@@ -13,7 +13,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "iam",
diff --git a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
index dd43d929525..6412e4ae129 100644
--- a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler user status logs
 processors:
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/user_status/sample_event.json b/packages/zscaler_zpa/data_stream/user_status/sample_event.json
index fe6f41e1639..10f701d32fc 100644
--- a/packages/zscaler_zpa/data_stream/user_status/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/user_status/sample_event.json
@@ -24,7 +24,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/docs/README.md b/packages/zscaler_zpa/docs/README.md
index a71714df16f..a608135e53b 100644
--- a/packages/zscaler_zpa/docs/README.md
+++ b/packages/zscaler_zpa/docs/README.md
@@ -228,7 +228,7 @@ An example event for `app_connector_status` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -444,7 +444,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -661,7 +661,7 @@ An example event for `browser_access` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "acf7dca8-817d-4681-bad3-1cc9bfefc49c",
@@ -925,7 +925,7 @@ An example event for `user_activity` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -1168,7 +1168,7 @@ An example event for `user_status` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml
index f8441c04371..79955d06802 100644
--- a/packages/zscaler_zpa/manifest.yml
+++ b/packages/zscaler_zpa/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zpa
 title: "Zscaler Private Access"
-version: 0.1.2
+version: 0.2.0
 license: basic
 description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent.
 type: integration