From 9f2d2ae67307bbe47fee4931606418e95479b171 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Mon, 28 Feb 2022 10:35:44 -0600 Subject: [PATCH 01/19] Update tcp to ECS 8.2 --- packages/tcp/_dev/build/build.yml | 2 +- packages/tcp/changelog.yml | 5 +++++ packages/tcp/data_stream/generic/sample_event.json | 2 +- packages/tcp/manifest.yml | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/packages/tcp/_dev/build/build.yml b/packages/tcp/_dev/build/build.yml index 08d85edcf9a..d61527283ec 100644 --- a/packages/tcp/_dev/build/build.yml +++ b/packages/tcp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.12 + reference: git@8.2 diff --git a/packages/tcp/changelog.yml b/packages/tcp/changelog.yml index 63219197a35..93b8af3379c 100644 --- a/packages/tcp/changelog.yml +++ b/packages/tcp/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.1.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.0.0" changes: - description: Initial Release diff --git a/packages/tcp/data_stream/generic/sample_event.json b/packages/tcp/data_stream/generic/sample_event.json index 05932f55da5..15130786260 100644 --- a/packages/tcp/data_stream/generic/sample_event.json +++ b/packages/tcp/data_stream/generic/sample_event.json @@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "1.11.0" + "version": "8.2.0" }, "elastic_agent": { "id": "b401b753-f7aa-4f45-8204-fb83d47df6cd", diff --git a/packages/tcp/manifest.yml b/packages/tcp/manifest.yml index d322bfde0d4..6c3a1f5536b 100644 --- a/packages/tcp/manifest.yml +++ b/packages/tcp/manifest.yml @@ -3,7 +3,7 @@ name: tcp title: Custom TCP Logs description: Collect raw TCP data from listening TCP port with Elastic Agent. type: integration -version: 1.0.0 +version: 1.1.0 release: ga conditions: kibana.version: "^7.16.0 || ^8.0.0" From 371bab9ebed6a81d3b33cf776f107f0370d084e1 Mon Sep 17 00:00:00 2001 
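Review bot: The `reference: git@1.12` → `reference: git@8.2` change in packages/tcp/_dev/build/build.yml crosses an ECS major version, but the diffstat for this patch lists only build.yml, changelog.yml, sample_event.json and manifest.yml. No field definition or pipeline test is touched, so the diff does not show whether the externally referenced ECS fields still resolve to the same names and types under 8.x. Searches and detections built on this data stream depend on those mappings, so it is worth confirming before release. I would record the result next to the pin, for example `# ECS 1.12 -> 8.2 (major): external field definitions re-checked`. The manifest still declares `kibana.version: "^7.16.0 || ^8.0.0"`, so the 7.16 side should be covered by the same check.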
From: Taylor Swanson Date: Mon, 28 Feb 2022 12:29:25 -0600 Subject: [PATCH 02/19] Update tenable_sc to ECS 8.2 --- packages/tenable_sc/_dev/build/build.yml | 2 +- packages/tenable_sc/changelog.yml | 7 ++++++- .../_dev/test/pipeline/test-asset.log-expected.json | 6 +++--- .../asset/elasticsearch/ingest_pipeline/default.yml | 2 +- .../tenable_sc/data_stream/asset/sample_event.json | 2 +- .../_dev/test/pipeline/test-plugin.log-expected.json | 8 ++++---- .../plugin/elasticsearch/ingest_pipeline/default.yml | 2 +- .../tenable_sc/data_stream/plugin/sample_event.json | 2 +- .../test/pipeline/test-vulnerability.log-expected.json | 10 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/vulnerability/sample_event.json | 2 +- packages/tenable_sc/docs/README.md | 6 +++--- packages/tenable_sc/manifest.yml | 2 +- 13 files changed, 29 insertions(+), 24 deletions(-) diff --git a/packages/tenable_sc/_dev/build/build.yml b/packages/tenable_sc/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/tenable_sc/_dev/build/build.yml +++ b/packages/tenable_sc/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml index 244ce81a462..c8cb348fd9b 100644 --- a/packages/tenable_sc/changelog.yml +++ b/packages/tenable_sc/changelog.yml @@ -1,10 +1,15 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.1.0" changes: - description: Add custom User-Agent. Added configurable response size. Added filter in vulnerability dashboard to filter hostname and vulnerability cve id. Added unique identifier to asset. type: enhancement link: https://github.com/elastic/integrations/pull/2718 -- version: "1.0.0" +- version: 1.0.0 changes: - description: Promote to GA. type: enhancement 
diff --git a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json index 7b029d1af1d..498c0fd5ba3 100644 --- a/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json +++ b/packages/tenable_sc/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "host", @@ -78,7 +78,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "host", @@ -154,7 +154,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "host", diff --git a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml index 826e04873ab..f3288708844 100644 --- a/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc asset logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/tenable_sc/data_stream/asset/sample_event.json b/packages/tenable_sc/data_stream/asset/sample_event.json index 4cb4829f173..1b12f787ed8 100644 --- a/packages/tenable_sc/data_stream/asset/sample_event.json +++ b/packages/tenable_sc/data_stream/asset/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", diff --git a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json index 5d3d018f22e..e470f9f786b 100644 
--- a/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json +++ b/packages/tenable_sc/data_stream/plugin/_dev/test/pipeline/test-plugin.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "kind": "event", @@ -90,7 +90,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "kind": "event", @@ -230,7 +230,7 @@ { "@timestamp": "2021-10-27T01:36:39.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "kind": "event", @@ -353,7 +353,7 @@ { "@timestamp": "2021-09-27T01:33:53.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "kind": "event", diff --git a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml index 685a3a43792..4e6d4aa7d91 100644 --- a/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc plugin logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/tenable_sc/data_stream/plugin/sample_event.json b/packages/tenable_sc/data_stream/plugin/sample_event.json index 1483c68fadf..88c4340113c 100644 --- a/packages/tenable_sc/data_stream/plugin/sample_event.json +++ b/packages/tenable_sc/data_stream/plugin/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", 
diff --git a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json index 69981b53b4b..382c8d3f3ca 100644 --- a/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json +++ b/packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -117,7 +117,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -234,7 +234,7 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -415,7 +415,7 @@ { "@timestamp": "2021-10-30T16:12:20.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -630,7 +630,7 @@ { "@timestamp": "2021-10-30T16:12:20.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", diff --git a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml index 4a1361840bd..494f6ca83b2 100644 --- a/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_sc/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Tenable.sc vulnerability logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original 
diff --git a/packages/tenable_sc/data_stream/vulnerability/sample_event.json b/packages/tenable_sc/data_stream/vulnerability/sample_event.json index 3f825fb02f6..c1872bec2de 100644 --- a/packages/tenable_sc/data_stream/vulnerability/sample_event.json +++ b/packages/tenable_sc/data_stream/vulnerability/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", diff --git a/packages/tenable_sc/docs/README.md b/packages/tenable_sc/docs/README.md index ff3f5b19116..c76cd08378a 100644 --- a/packages/tenable_sc/docs/README.md +++ b/packages/tenable_sc/docs/README.md @@ -47,7 +47,7 @@ An example event for `asset` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", @@ -237,7 +237,7 @@ An example event for `plugin` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", @@ -491,7 +491,7 @@ An example event for `vulnerability` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "ecf3f02f-66cb-4b07-8a38-d84956c78dcc", diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml index 5467f20cd51..d480adc168b 100644 --- a/packages/tenable_sc/manifest.yml +++ b/packages/tenable_sc/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: tenable_sc title: Tenable.sc # The version must be updated in the pipeline as well. Until elastic/kibana#121310 is implemented we will have to manually sync these. -version: 1.1.0 +version: 1.2.0 license: basic description: | Collect logs from Tenable.sc with Elastic Agent. From cf762f8e00b6f9c0a010753998913139dde42d0f Mon Sep 17 00:00:00 2001 
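Review bot: The context comment in packages/tenable_sc/manifest.yml says "The version must be updated in the pipeline as well", but the three `ingest_pipeline/default.yml` hunks in this patch only change the `ecs.version` value, and none of them shows the package version moving to `1.2.0`. If a pipeline or another asset still embeds `1.1.0`, it will silently drift from the manifest after this bump. Either update that value in the same patch or, if nothing embeds the package version any more, drop the stale comment so the next bump is not misled. The pipeline files continue outside the hunks shown, so this cannot be confirmed from the diff alone.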
From: Taylor Swanson Date: Mon, 28 Feb 2022 12:34:16 -0600 Subject: [PATCH 03/19] Update ti_abusech to ECS 8.2 --- packages/ti_abusech/_dev/build/build.yml | 2 +- packages/ti_abusech/changelog.yml | 5 ++ .../test-malware-ndjson.log-expected.json | 50 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/malware/sample_event.json | 2 +- ...est-malwarebazaar-ndjson.log-expected.json | 18 +++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../malwarebazaar/sample_event.json | 2 +- packages/ti_abusech/manifest.yml | 2 +- 9 files changed, 45 insertions(+), 40 deletions(-) diff --git a/packages/ti_abusech/_dev/build/build.yml b/packages/ti_abusech/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/ti_abusech/_dev/build/build.yml +++ b/packages/ti_abusech/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/ti_abusech/changelog.yml b/packages/ti_abusech/changelog.yml index 9f4b624a1cf..e7148bc9869 100644 --- a/packages/ti_abusech/changelog.yml +++ b/packages/ti_abusech/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.2.0" changes: - description: Update to ECS 8.0 diff --git a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json index 881fa5b4266..27cf707ec0b 100644 --- a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json @@ -5,7 +5,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -51,7 +51,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -103,7 +103,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -149,7 +149,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -195,7 +195,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -244,7 +244,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -290,7 +290,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -336,7 +336,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -384,7 +384,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -430,7 +430,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -476,7 +476,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -522,7 +522,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -568,7 +568,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -614,7 +614,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -662,7 +662,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -708,7 +708,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -754,7 +754,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -802,7 +802,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -848,7 +848,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -894,7 +894,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -942,7 +942,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -988,7 +988,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1034,7 +1034,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1080,7 +1080,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1126,7 +1126,7 @@ "malware": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml index f7ee80b1499..e6307a0738c 100644 --- a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/malware/sample_event.json b/packages/ti_abusech/data_stream/malware/sample_event.json index 308c4a4b762..4c91be0d1a4 100644 --- a/packages/ti_abusech/data_stream/malware/sample_event.json +++ b/packages/ti_abusech/data_stream/malware/sample_event.json @@ -16,7 +16,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", 
diff --git a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json index 5a8784c695a..ea8ae47c6e0 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -78,7 +78,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -273,7 +273,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -400,7 +400,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -467,7 +467,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -539,7 +539,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", diff --git a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml index f9added18ad..0dcc21bc9a5 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml 
@@ -9,7 +9,7 @@ processors: value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" - set: field: event.kind value: enrichment diff --git a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json index 23f72cfa959..33859d4914b 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json +++ b/packages/ti_abusech/data_stream/malwarebazaar/sample_event.json @@ -27,7 +27,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/ti_abusech/manifest.yml b/packages/ti_abusech/manifest.yml index cb7c2509237..d2f7ec062f9 100644 --- a/packages/ti_abusech/manifest.yml +++ b/packages/ti_abusech/manifest.yml @@ -1,6 +1,6 @@ name: ti_abusech title: AbuseCH -version: 1.2.0 +version: 1.3.0 release: ga description: Collect threat intelligence from AbuseCH API with Elastic Agent. type: integration From ef4dfd355b072fe8c8ce5b5800464e8dd998f834 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Mon, 28 Feb 2022 12:46:34 -0600 Subject: [PATCH 04/19] Update ti_anomali to ECS 8.2 --- packages/ti_anomali/_dev/build/build.yml | 2 +- packages/ti_anomali/changelog.yml | 5 + ...test-anomali-limo-ndjson.log-expected.json | 1284 ++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/limo/sample_event.json | 2 +- ...st-anomali-threatstream.json-expected.json | 200 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../threatstream/sample_event.json | 2 +- packages/ti_anomali/docs/README.md | 4 +- packages/ti_anomali/manifest.yml | 2 +- 10 files changed, 755 insertions(+), 750 deletions(-) diff --git a/packages/ti_anomali/_dev/build/build.yml b/packages/ti_anomali/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/ti_anomali/_dev/build/build.yml +++ b/packages/ti_anomali/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml index 86059da0615..a477615d23e 100644 --- a/packages/ti_anomali/changelog.yml +++ b/packages/ti_anomali/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.2.1" changes: - description: Adding first interval to Anomali Limo policy UI diff --git a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json index 2cd54091b19..f6a1eba63a4 100644 --- a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json +++ b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -125,7 +125,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -227,7 +227,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -279,7 +279,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -331,7 +331,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -376,7 +376,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -428,7 +428,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -480,7 +480,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -531,7 +531,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -576,7 +576,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -628,7 +628,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -679,7 +679,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -724,7 +724,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -769,7 +769,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -820,7 +820,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -924,7 +924,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -976,7 +976,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1028,7 +1028,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1080,7 +1080,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1132,7 +1132,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1184,7 +1184,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1236,7 +1236,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -1288,7 +1288,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1333,7 +1333,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1436,7 +1436,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1488,7 +1488,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1540,7 +1540,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1585,7 +1585,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1637,7 +1637,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1682,7 +1682,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1734,7 +1734,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1785,7 +1785,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1837,7 +1837,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1889,7 +1889,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1941,7 +1941,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1992,7 +1992,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2043,7 +2043,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2095,7 +2095,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -2140,7 +2140,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2192,7 +2192,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2244,7 +2244,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2296,7 +2296,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2347,7 +2347,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2399,7 +2399,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2451,7 +2451,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2503,7 +2503,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2555,7 +2555,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2600,7 +2600,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2651,7 +2651,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2703,7 +2703,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2755,7 +2755,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2807,7 +2807,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2858,7 +2858,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2910,7 +2910,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2962,7 +2962,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -3014,7 +3014,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3066,7 +3066,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3117,7 +3117,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3168,7 +3168,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3219,7 +3219,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3270,7 +3270,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3315,7 +3315,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3367,7 +3367,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3412,7 +3412,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3463,7 +3463,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3515,7 +3515,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3566,7 +3566,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3617,7 +3617,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3662,7 +3662,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3707,7 +3707,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3759,7 +3759,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3810,7 +3810,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -3862,7 +3862,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3913,7 +3913,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -3965,7 +3965,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4016,7 +4016,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4067,7 +4067,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4112,7 +4112,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4163,7 +4163,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4214,7 +4214,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4266,7 +4266,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4317,7 +4317,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4369,7 +4369,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4420,7 +4420,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4472,7 +4472,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4523,7 +4523,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4575,7 +4575,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4626,7 +4626,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4678,7 +4678,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -4730,7 +4730,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4781,7 +4781,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4833,7 +4833,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4885,7 +4885,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4937,7 +4937,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -4989,7 +4989,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5034,7 +5034,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5086,7 +5086,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5137,7 +5137,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5188,7 +5188,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5233,7 +5233,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5284,7 +5284,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5336,7 +5336,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5388,7 +5388,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5439,7 +5439,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5490,7 +5490,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5541,7 +5541,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -5593,7 +5593,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5645,7 +5645,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5696,7 +5696,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5747,7 +5747,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5798,7 +5798,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5849,7 +5849,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5900,7 +5900,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -5951,7 +5951,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6003,7 +6003,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6054,7 +6054,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6105,7 +6105,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6156,7 +6156,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6201,7 +6201,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6246,7 +6246,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6297,7 +6297,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6348,7 +6348,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6400,7 +6400,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -6451,7 +6451,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6496,7 +6496,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6547,7 +6547,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6599,7 +6599,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6650,7 +6650,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6701,7 +6701,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6746,7 +6746,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6791,7 +6791,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6836,7 +6836,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6887,7 +6887,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6938,7 +6938,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -6989,7 +6989,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7041,7 +7041,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7092,7 +7092,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7143,7 +7143,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7195,7 +7195,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7246,7 +7246,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -7297,7 +7297,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7348,7 +7348,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7399,7 +7399,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7450,7 +7450,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7501,7 +7501,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7552,7 +7552,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7603,7 +7603,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7655,7 +7655,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7706,7 +7706,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7757,7 +7757,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7808,7 +7808,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7859,7 +7859,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7910,7 +7910,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -7961,7 +7961,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8012,7 +8012,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8063,7 +8063,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8114,7 +8114,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -8165,7 +8165,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8216,7 +8216,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8267,7 +8267,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8318,7 +8318,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8369,7 +8369,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8420,7 +8420,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8471,7 +8471,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8522,7 +8522,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8573,7 +8573,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8624,7 +8624,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8675,7 +8675,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8726,7 +8726,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8777,7 +8777,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8822,7 +8822,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8873,7 +8873,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8924,7 +8924,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -8975,7 +8975,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -9026,7 +9026,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9077,7 +9077,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9129,7 +9129,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9181,7 +9181,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9232,7 +9232,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9284,7 +9284,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9336,7 +9336,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9381,7 +9381,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9432,7 +9432,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9484,7 +9484,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9535,7 +9535,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9587,7 +9587,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9639,7 +9639,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9684,7 +9684,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9735,7 +9735,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9780,7 +9780,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9832,7 +9832,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -9884,7 +9884,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9936,7 +9936,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -9987,7 +9987,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10039,7 +10039,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10091,7 +10091,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10136,7 +10136,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10188,7 +10188,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10240,7 +10240,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10292,7 +10292,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10344,7 +10344,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10396,7 +10396,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10447,7 +10447,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10499,7 +10499,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10551,7 +10551,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10603,7 +10603,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10655,7 +10655,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10707,7 +10707,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -10759,7 +10759,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10810,7 +10810,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10862,7 +10862,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10914,7 +10914,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -10966,7 +10966,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11011,7 +11011,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11063,7 +11063,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11115,7 +11115,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11167,7 +11167,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11219,7 +11219,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11271,7 +11271,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11323,7 +11323,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11375,7 +11375,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11420,7 +11420,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11472,7 +11472,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11524,7 +11524,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11576,7 +11576,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -11628,7 +11628,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11673,7 +11673,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11724,7 +11724,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11776,7 +11776,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11828,7 +11828,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11880,7 +11880,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11925,7 +11925,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -11977,7 +11977,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12029,7 +12029,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12081,7 +12081,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12133,7 +12133,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12184,7 +12184,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12235,7 +12235,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12280,7 +12280,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12332,7 +12332,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12384,7 +12384,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12436,7 +12436,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -12488,7 +12488,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12540,7 +12540,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12591,7 +12591,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12643,7 +12643,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12695,7 +12695,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12746,7 +12746,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12797,7 +12797,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12849,7 +12849,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12901,7 +12901,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12946,7 +12946,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -12991,7 +12991,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13043,7 +13043,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13095,7 +13095,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13146,7 +13146,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13198,7 +13198,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13250,7 +13250,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13302,7 +13302,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -13354,7 +13354,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13406,7 +13406,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13458,7 +13458,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13510,7 +13510,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13555,7 +13555,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13607,7 +13607,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13658,7 +13658,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13710,7 +13710,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13762,7 +13762,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13813,7 +13813,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13865,7 +13865,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13916,7 +13916,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -13968,7 +13968,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14020,7 +14020,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14071,7 +14071,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14123,7 +14123,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14175,7 +14175,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -14226,7 +14226,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14278,7 +14278,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14330,7 +14330,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14381,7 +14381,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14432,7 +14432,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14483,7 +14483,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14535,7 +14535,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14586,7 +14586,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14637,7 +14637,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14688,7 +14688,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14740,7 +14740,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14792,7 +14792,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14843,7 +14843,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14895,7 +14895,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14940,7 +14940,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -14991,7 +14991,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15043,7 +15043,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -15088,7 +15088,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15133,7 +15133,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15178,7 +15178,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15229,7 +15229,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15281,7 +15281,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15332,7 +15332,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15384,7 +15384,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15429,7 +15429,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15481,7 +15481,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15533,7 +15533,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15585,7 +15585,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15637,7 +15637,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15689,7 +15689,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15741,7 +15741,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15793,7 +15793,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15845,7 +15845,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15897,7 +15897,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -15942,7 +15942,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -15994,7 +15994,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16046,7 +16046,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16098,7 +16098,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16150,7 +16150,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16202,7 +16202,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16253,7 +16253,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16305,7 +16305,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16357,7 +16357,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16409,7 +16409,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16454,7 +16454,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16506,7 +16506,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16558,7 +16558,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16610,7 +16610,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16655,7 +16655,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16700,7 +16700,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16752,7 +16752,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -16804,7 +16804,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16856,7 +16856,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16908,7 +16908,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -16960,7 +16960,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17012,7 +17012,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17064,7 +17064,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17116,7 +17116,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17161,7 +17161,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17213,7 +17213,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17265,7 +17265,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17317,7 +17317,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17368,7 +17368,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17419,7 +17419,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17464,7 +17464,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17516,7 +17516,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17561,7 +17561,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17613,7 +17613,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -17664,7 +17664,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17715,7 +17715,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17767,7 +17767,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17818,7 +17818,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17870,7 +17870,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17922,7 +17922,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -17973,7 +17973,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18025,7 +18025,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18076,7 +18076,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18128,7 +18128,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18179,7 +18179,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18230,7 +18230,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18281,7 +18281,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18326,7 +18326,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18377,7 +18377,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18428,7 +18428,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18479,7 +18479,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -18531,7 +18531,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18583,7 +18583,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18635,7 +18635,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18687,7 +18687,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18739,7 +18739,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18784,7 +18784,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18829,7 +18829,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18880,7 +18880,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18931,7 +18931,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -18982,7 +18982,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19027,7 +19027,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19078,7 +19078,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19123,7 +19123,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19174,7 +19174,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19226,7 +19226,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19277,7 +19277,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19322,7 +19322,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -19367,7 +19367,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19419,7 +19419,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19471,7 +19471,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19522,7 +19522,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19573,7 +19573,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19624,7 +19624,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19669,7 +19669,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19720,7 +19720,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19771,7 +19771,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19822,7 +19822,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19874,7 +19874,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19926,7 +19926,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -19977,7 +19977,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20029,7 +20029,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20081,7 +20081,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20133,7 +20133,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20178,7 +20178,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -20230,7 +20230,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20282,7 +20282,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20333,7 +20333,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20384,7 +20384,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20429,7 +20429,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20480,7 +20480,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20532,7 +20532,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20584,7 +20584,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20635,7 +20635,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20680,7 +20680,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20731,7 +20731,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20783,7 +20783,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20834,7 +20834,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20886,7 +20886,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20938,7 +20938,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -20990,7 +20990,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21035,7 +21035,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -21086,7 +21086,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21138,7 +21138,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21189,7 +21189,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21241,7 +21241,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21293,7 +21293,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21344,7 +21344,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21395,7 +21395,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21446,7 +21446,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21498,7 +21498,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21549,7 +21549,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21601,7 +21601,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21653,7 +21653,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21705,7 +21705,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21757,7 +21757,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21809,7 +21809,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21854,7 +21854,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -21906,7 +21906,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -21958,7 +21958,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22010,7 +22010,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22062,7 +22062,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22113,7 +22113,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22164,7 +22164,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22216,7 +22216,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22261,7 +22261,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22313,7 +22313,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22364,7 +22364,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22416,7 +22416,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22468,7 +22468,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22519,7 +22519,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22564,7 +22564,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22616,7 +22616,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22668,7 +22668,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22713,7 +22713,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22758,7 +22758,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -22809,7 +22809,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22860,7 +22860,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22912,7 +22912,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -22963,7 +22963,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23014,7 +23014,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23059,7 +23059,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23104,7 +23104,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23155,7 +23155,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23206,7 +23206,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23257,7 +23257,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23308,7 +23308,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23359,7 +23359,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23404,7 +23404,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23456,7 +23456,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23508,7 +23508,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23560,7 +23560,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23605,7 +23605,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -23657,7 +23657,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23709,7 +23709,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23761,7 +23761,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23813,7 +23813,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23865,7 +23865,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23917,7 +23917,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -23968,7 +23968,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24019,7 +24019,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24071,7 +24071,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24123,7 +24123,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24175,7 +24175,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24227,7 +24227,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24279,7 +24279,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24330,7 +24330,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24382,7 +24382,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24434,7 +24434,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24486,7 +24486,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -24537,7 +24537,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24588,7 +24588,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24640,7 +24640,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24685,7 +24685,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24737,7 +24737,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24789,7 +24789,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24841,7 +24841,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24893,7 +24893,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24945,7 +24945,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -24997,7 +24997,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25049,7 +25049,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25100,7 +25100,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25152,7 +25152,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25204,7 +25204,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25256,7 +25256,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25308,7 +25308,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25353,7 +25353,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -25405,7 +25405,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25457,7 +25457,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25508,7 +25508,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25560,7 +25560,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25612,7 +25612,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25664,7 +25664,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25716,7 +25716,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25768,7 +25768,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25820,7 +25820,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25865,7 +25865,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25917,7 +25917,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -25969,7 +25969,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26021,7 +26021,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26073,7 +26073,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26125,7 +26125,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26170,7 +26170,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26222,7 +26222,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -26274,7 +26274,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26319,7 +26319,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26371,7 +26371,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26423,7 +26423,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26475,7 +26475,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26527,7 +26527,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26579,7 +26579,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26624,7 +26624,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26676,7 +26676,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26728,7 +26728,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26780,7 +26780,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26832,7 +26832,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26884,7 +26884,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26936,7 +26936,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -26988,7 +26988,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27040,7 +27040,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27092,7 +27092,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -27144,7 +27144,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27196,7 +27196,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27248,7 +27248,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27300,7 +27300,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27352,7 +27352,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27404,7 +27404,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27455,7 +27455,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27507,7 +27507,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27552,7 +27552,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27597,7 +27597,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27649,7 +27649,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27701,7 +27701,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27753,7 +27753,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27805,7 +27805,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27857,7 +27857,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27909,7 +27909,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -27961,7 +27961,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -28013,7 +28013,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28065,7 +28065,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28117,7 +28117,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28169,7 +28169,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28220,7 +28220,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28272,7 +28272,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28324,7 +28324,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28376,7 +28376,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28428,7 +28428,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28480,7 +28480,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28532,7 +28532,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28584,7 +28584,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28635,7 +28635,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28687,7 +28687,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28739,7 +28739,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28791,7 +28791,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28843,7 +28843,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -28895,7 +28895,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28947,7 +28947,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -28998,7 +28998,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29050,7 +29050,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29102,7 +29102,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29154,7 +29154,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29206,7 +29206,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29258,7 +29258,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29310,7 +29310,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29362,7 +29362,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29414,7 +29414,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29459,7 +29459,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29511,7 +29511,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29563,7 +29563,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29615,7 +29615,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29660,7 +29660,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29712,7 +29712,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -29757,7 +29757,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29809,7 +29809,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29861,7 +29861,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29913,7 +29913,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -29965,7 +29965,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30017,7 +30017,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30069,7 +30069,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30121,7 +30121,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30172,7 +30172,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30224,7 +30224,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30276,7 +30276,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30328,7 +30328,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30379,7 +30379,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30424,7 +30424,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30469,7 +30469,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30514,7 +30514,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30566,7 +30566,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -30618,7 +30618,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30669,7 +30669,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30721,7 +30721,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30766,7 +30766,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30818,7 +30818,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30863,7 +30863,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30915,7 +30915,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -30967,7 +30967,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31012,7 +31012,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31064,7 +31064,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31109,7 +31109,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31160,7 +31160,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31212,7 +31212,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31264,7 +31264,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31309,7 +31309,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31361,7 +31361,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31413,7 +31413,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -31465,7 +31465,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31517,7 +31517,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31569,7 +31569,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31621,7 +31621,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31673,7 +31673,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31724,7 +31724,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31776,7 +31776,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31827,7 +31827,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31879,7 +31879,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31931,7 +31931,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -31983,7 +31983,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32035,7 +32035,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32086,7 +32086,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32138,7 +32138,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32183,7 +32183,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32235,7 +32235,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32287,7 +32287,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -32338,7 +32338,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32390,7 +32390,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32442,7 +32442,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32493,7 +32493,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -32545,7 +32545,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", diff --git a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml index 2e03b4daa00..67e08bb29d5 100644 --- a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" - set: field: event.kind value: enrichment diff --git a/packages/ti_anomali/data_stream/limo/sample_event.json b/packages/ti_anomali/data_stream/limo/sample_event.json index 4842d33bddd..48e67b4594c 100644 --- a/packages/ti_anomali/data_stream/limo/sample_event.json +++ b/packages/ti_anomali/data_stream/limo/sample_event.json @@ -23,7 +23,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json index 209b86282ba..d33c4172e4e 100644 --- a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json 
+++ b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -86,7 +86,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -149,7 +149,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -212,7 +212,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -267,7 +267,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -331,7 +331,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -395,7 +395,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -455,7 +455,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -509,7 +509,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -572,7 +572,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -634,7 +634,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -690,7 +690,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -807,7 +807,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -864,7 +864,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -918,7 +918,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -974,7 +974,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1031,7 +1031,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1087,7 +1087,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1143,7 +1143,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1198,7 +1198,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1253,7 +1253,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1311,7 +1311,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1366,7 +1366,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1428,7 +1428,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1485,7 +1485,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1541,7 +1541,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1596,7 +1596,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1649,7 +1649,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1711,7 +1711,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1774,7 +1774,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1830,7 +1830,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1887,7 +1887,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1943,7 +1943,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1997,7 +1997,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2053,7 +2053,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2109,7 +2109,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2163,7 +2163,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2218,7 +2218,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2279,7 +2279,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2333,7 +2333,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2389,7 +2389,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2445,7 +2445,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2508,7 +2508,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2564,7 +2564,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2625,7 +2625,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2687,7 +2687,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2742,7 +2742,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2797,7 +2797,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2853,7 +2853,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2909,7 +2909,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2970,7 +2970,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3025,7 +3025,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3079,7 +3079,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3132,7 +3132,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3194,7 +3194,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3248,7 +3248,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3303,7 +3303,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3359,7 +3359,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3414,7 +3414,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3470,7 +3470,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3531,7 +3531,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3587,7 +3587,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3642,7 +3642,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3698,7 +3698,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3754,7 +3754,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3810,7 +3810,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3865,7 +3865,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3919,7 +3919,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -3981,7 +3981,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4035,7 +4035,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4089,7 +4089,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4144,7 +4144,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4205,7 +4205,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4260,7 +4260,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4314,7 +4314,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4370,7 +4370,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4431,7 +4431,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4488,7 +4488,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4543,7 +4543,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4611,7 +4611,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4673,7 +4673,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4726,7 +4726,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4785,7 +4785,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4847,7 +4847,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4910,7 +4910,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -4978,7 +4978,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5040,7 +5040,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5098,7 +5098,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5158,7 +5158,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5220,7 +5220,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5281,7 +5281,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5342,7 +5342,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5402,7 +5402,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5463,7 +5463,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5513,7 +5513,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5561,7 +5561,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5611,7 +5611,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5660,7 +5660,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -5710,7 +5710,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
index 9d7e1297cbe..99f45252c38 100644
--- a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml
@@ -9,7 +9,7 @@ processors:
 value: "{{{ _ingest.timestamp }}}"
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
 - fingerprint:
 fields:
 - event.dataset
diff --git a/packages/ti_anomali/data_stream/threatstream/sample_event.json b/packages/ti_anomali/data_stream/threatstream/sample_event.json
index c8c7c87d313..5b7e06de7c7 100644
--- a/packages/ti_anomali/data_stream/threatstream/sample_event.json
+++ b/packages/ti_anomali/data_stream/threatstream/sample_event.json
@@ -35,7 +35,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a",
diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md
index bd76c90f70a..38c956c9f68 100644
--- a/packages/ti_anomali/docs/README.md
+++ b/packages/ti_anomali/docs/README.md
@@ -44,7 +44,7 @@ An example event for `limo` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a",
@@ -219,7 +219,7 @@ An example event for `threatstream` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a",
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 91d43a719c7..a1232ff9fec 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali
-version: 1.2.1
+version: 1.3.0
 release: ga
 description: Collect threat intelligence from Anomali APIs with Elastic Agent.
 type: integration
From cf52b79cb743c2e53b2d5b71ed698a62f598bf96 Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Mon, 28 Feb 2022 12:51:26 -0600
Subject: [PATCH 05/19] Update ti_cybersixgill to ECS 8.2
---
 packages/ti_cybersixgill/changelog.yml | 5 +++++
 .../_dev/test/pipeline/test-cybersixgill.json-expected.json | 2 +-
 .../threat/elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../ti_cybersixgill/data_stream/threat/sample_event.json | 2 +-
 packages/ti_cybersixgill/docs/README.md | 2 +-
 packages/ti_cybersixgill/manifest.yml | 2 +-
 6 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml
index bdcb6bbddb7..a66641f030f 100644
--- a/packages/ti_cybersixgill/changelog.yml
+++ b/packages/ti_cybersixgill/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "1.2.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill.json-expected.json b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill.json-expected.json
index 13edbec98c5..3790c4ee729 100644
--- a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill.json-expected.json
+++ b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill.json-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "cybersixgill": {
 "actor": "RedBeardIOCs",
diff --git a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 02ee5f46b20..d72d2b29d13 100644
--- a/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_cybersixgill/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -5,7 +5,7 @@ processors:
 if: ctx.json?.cybersixgill == null
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_cybersixgill/data_stream/threat/sample_event.json b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
index 973fb4a6052..052bf5bd761 100644
--- a/packages/ti_cybersixgill/data_stream/threat/sample_event.json
+++ b/packages/ti_cybersixgill/data_stream/threat/sample_event.json
@@ -26,7 +26,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/ti_cybersixgill/docs/README.md b/packages/ti_cybersixgill/docs/README.md
index 1ac6fbed972..a62607e1949 100644
--- a/packages/ti_cybersixgill/docs/README.md
+++ b/packages/ti_cybersixgill/docs/README.md
@@ -124,7 +124,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/ti_cybersixgill/manifest.yml b/packages/ti_cybersixgill/manifest.yml
index 81148ac781b..f6493c8190e 100644
--- a/packages/ti_cybersixgill/manifest.yml
+++ b/packages/ti_cybersixgill/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_cybersixgill
 title: Cybersixgill
-version: 1.2.0
+version: 1.3.0
 release: ga
 description: This Elastic integration collects threat intelligence from Cybersixgill
 type: integration
From 28ef712e5b897292e1f3de70c44679266fcf3989 Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Mon, 28 Feb 2022 12:56:18 -0600
Subject: [PATCH 06/19] Update ti_misp to ECS 8.2
---
 packages/ti_misp/_dev/build/build.yml | 2 +-
 packages/ti_misp/changelog.yml | 5 ++
 ...t-misp-attributes-ndjson.log-expected.json | 52 +++++++++----------
 .../test-misp-sample-ndjson.log-expected.json | 30 +++++------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/threat/sample_event.json | 2 +-
 packages/ti_misp/docs/README.md | 2 +-
 packages/ti_misp/manifest.yml | 2 +-
 8 files changed, 51 insertions(+), 46 deletions(-)
diff --git a/packages/ti_misp/_dev/build/build.yml b/packages/ti_misp/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/ti_misp/_dev/build/build.yml
+++ b/packages/ti_misp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml
index 60234f86118..217c2b2e6b7 100644
--- a/packages/ti_misp/changelog.yml
+++ b/packages/ti_misp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "1.2.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
index e3b6eb232ec..66ecb8e207c 100644
--- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
+++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-05-21T09:09:22.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -79,7 +79,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -155,7 +155,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -229,7 +229,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -301,7 +301,7 @@
 {
 "@timestamp": "2021-05-21T09:20:36.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -373,7 +373,7 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -464,7 +464,7 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -555,7 +555,7 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -650,7 +650,7 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -745,7 +745,7 @@
 {
 "@timestamp": "2021-05-21T10:22:12.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -838,7 +838,7 @@
 {
 "@timestamp": "2021-05-21T10:09:30.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -911,7 +911,7 @@
 {
 "@timestamp": "2021-05-21T10:09:30.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -988,7 +988,7 @@
 {
 "@timestamp": "2021-05-21T10:09:30.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1063,7 +1063,7 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1136,7 +1136,7 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1209,7 +1209,7 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1282,7 +1282,7 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1359,7 +1359,7 @@
 {
 "@timestamp": "2021-05-21T10:19:39.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1434,7 +1434,7 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1525,7 +1525,7 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1616,7 +1616,7 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1707,7 +1707,7 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1798,7 +1798,7 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1889,7 +1889,7 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1984,7 +1984,7 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -2079,7 +2079,7 @@
 {
 "@timestamp": "2021-05-28T11:19:41.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json
index bc1e97c832f..b0a8b3e4e4e 100644
--- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json
+++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2017-08-28T14:24:36.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -82,7 +82,7 @@
 {
 "@timestamp": "2017-08-28T14:24:36.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -160,7 +160,7 @@
 {
 "@timestamp": "2017-04-28T18:23:44.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -238,7 +238,7 @@
 {
 "@timestamp": "2014-10-06T07:12:57.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -314,7 +314,7 @@
 {
 "@timestamp": "2014-10-06T07:12:57.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -386,7 +386,7 @@
 {
 "@timestamp": "2014-10-06T07:12:57.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -460,7 +460,7 @@
 {
 "@timestamp": "2014-10-06T07:12:57.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -532,7 +532,7 @@
 {
 "@timestamp": "2014-10-06T07:12:57.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -608,7 +608,7 @@
 {
 "@timestamp": "2014-10-06T07:12:57.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -682,7 +682,7 @@
 {
 "@timestamp": "2018-08-28T13:20:17.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -762,7 +762,7 @@
 {
 "@timestamp": "2018-08-28T13:20:17.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -834,7 +834,7 @@
 {
 "@timestamp": "2018-08-28T13:20:17.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -912,7 +912,7 @@
 {
 "@timestamp": "2018-01-23T16:09:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -985,7 +985,7 @@
 {
 "@timestamp": "2018-01-23T16:09:56.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1058,7 +1058,7 @@
 {
 "@timestamp": "2020-12-13T14:03:16.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 9456fa99ffc..5eed4995a49 100644
--- a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -9,7 +9,7 @@ processors:
 value: "{{_ingest.timestamp}}"
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/ti_misp/data_stream/threat/sample_event.json b/packages/ti_misp/data_stream/threat/sample_event.json
index e75fb535c2f..20d9751c3bf 100644
--- a/packages/ti_misp/data_stream/threat/sample_event.json
+++ b/packages/ti_misp/data_stream/threat/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a",
diff --git a/packages/ti_misp/docs/README.md b/packages/ti_misp/docs/README.md
index ea2f50b448e..da04047fa01 100644
--- a/packages/ti_misp/docs/README.md
+++ b/packages/ti_misp/docs/README.md
@@ -170,7 +170,7 @@ An example event for `threat` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a",
diff --git a/packages/ti_misp/manifest.yml b/packages/ti_misp/manifest.yml
index 9dbcbe870ce..43ccb7c7ac5 100644
--- a/packages/ti_misp/manifest.yml
+++ b/packages/ti_misp/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_misp
 title: MISP
-version: 1.2.0
+version: 1.3.0
 release: ga
 description: This Elastic integration collects events from MISP
 type: integration
From 9213404a20b08074b9d3c2efe37fd445d5a3b20a Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Mon, 28 Feb 2022 13:02:30 -0600
Subject: [PATCH 07/19] Update ti_otx to ECS 8.2
---
 packages/ti_otx/_dev/build/build.yml | 2 +-
 packages/ti_otx/changelog.yml | 5 +
 .../test-otx-sample-ndjson.log-expected.json | 166 +++++++++---------
 .../elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/threat/sample_event.json | 2 +-
 packages/ti_otx/docs/README.md | 2 +-
 packages/ti_otx/manifest.yml | 2 +-
 7 files changed, 93 insertions(+), 88 deletions(-)
diff --git a/packages/ti_otx/_dev/build/build.yml b/packages/ti_otx/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/ti_otx/_dev/build/build.yml
+++ b/packages/ti_otx/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml
index d2418787c87..8412e838b2b 100644
--- a/packages/ti_otx/changelog.yml
+++ b/packages/ti_otx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/xxxx
 - version: "1.2.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
index 0174fa33457..359b0e773d1 100644
--- a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
+++ b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -24,7 +24,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -53,7 +53,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -77,7 +77,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -99,7 +99,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -125,7 +125,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -153,7 +153,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -179,7 +179,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -207,7 +207,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -229,7 +229,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -255,7 +255,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -281,7 +281,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -309,7 +309,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -335,7 +335,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -361,7 +361,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -387,7 +387,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -413,7 +413,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -439,7 +439,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -468,7 +468,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -497,7 +497,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -526,7 +526,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -555,7 +555,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -583,7 +583,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -609,7 +609,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -635,7 +635,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -663,7 +663,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -689,7 +689,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -718,7 +718,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -747,7 +747,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -773,7 +773,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -802,7 +802,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -831,7 +831,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -853,7 +853,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -879,7 +879,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -905,7 +905,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -933,7 +933,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -961,7 +961,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -987,7 +987,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1015,7 +1015,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1043,7 +1043,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1069,7 +1069,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1098,7 +1098,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1127,7 +1127,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1156,7 +1156,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1185,7 +1185,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1209,7 +1209,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1231,7 +1231,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "category": "threat",
@@ -1253,7 +1253,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1281,7 +1281,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1309,7 +1309,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1337,7 +1337,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1365,7 +1365,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1393,7 +1393,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1421,7 +1421,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1449,7 +1449,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1471,7 +1471,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1493,7 +1493,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1515,7 +1515,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1537,7 +1537,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1559,7 +1559,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1585,7 +1585,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1607,7 +1607,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1629,7 +1629,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1651,7 +1651,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -1675,7 +1675,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1699,7 +1699,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1723,7 +1723,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1747,7 +1747,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1771,7 +1771,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1795,7 +1795,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1819,7 +1819,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1843,7 +1843,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1867,7 +1867,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1895,7 +1895,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1923,7 +1923,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1951,7 +1951,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -1979,7 +1979,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2003,7 +2003,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2025,7 +2025,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2047,7 +2047,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2076,7 +2076,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -2104,7 +2104,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -2132,7 +2132,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", diff --git a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index 494d667a7a3..7feea82c196 100644 --- a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" - set: field: event.kind value: enrichment diff --git a/packages/ti_otx/data_stream/threat/sample_event.json b/packages/ti_otx/data_stream/threat/sample_event.json index a8dae6f4be6..7b810fabf2f 100644 --- a/packages/ti_otx/data_stream/threat/sample_event.json +++ b/packages/ti_otx/data_stream/threat/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/ti_otx/docs/README.md b/packages/ti_otx/docs/README.md index 7ec4321fdc1..68448e3b8ee 100644 --- a/packages/ti_otx/docs/README.md +++ b/packages/ti_otx/docs/README.md @@ -111,7 +111,7 @@ An example event for `threat` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/ti_otx/manifest.yml b/packages/ti_otx/manifest.yml index 493ca7e5556..b9d4e3eab8c 100644 --- a/packages/ti_otx/manifest.yml +++ b/packages/ti_otx/manifest.yml @@ -1,6 +1,6 @@ name: ti_otx title: AlienVault OTX -version: 1.2.0 +version: 1.3.0 release: ga description: Collect threat intelligence from AlienVault OTX with Elastic Agent. type: integration 
From 7421e2876f725557e61263e63e66cf587ab6af6c Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Mon, 28 Feb 2022 13:06:54 -0600 Subject: [PATCH 08/19] Update ti_threatq to ECS 8.2 --- packages/ti_threatq/_dev/build/build.yml | 2 +- packages/ti_threatq/changelog.yml | 5 +++++ ...st-threatq-sample-ndjson.log-expected.json | 20 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/threat/sample_event.json | 2 +- packages/ti_threatq/docs/README.md | 2 +- packages/ti_threatq/manifest.yml | 2 +- 7 files changed, 20 insertions(+), 15 deletions(-) diff --git a/packages/ti_threatq/_dev/build/build.yml b/packages/ti_threatq/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/ti_threatq/_dev/build/build.yml +++ b/packages/ti_threatq/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml index 004f8676bb7..c5e516d945b 100644 --- a/packages/ti_threatq/changelog.yml +++ b/packages/ti_threatq/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.2.0" changes: - description: Update to ECS 8.0 diff --git a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json index 4025acce97d..095824d0ea9 100644 --- a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json +++ b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", 
@@ -53,7 +53,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -103,7 +103,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -153,7 +153,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -197,7 +197,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -247,7 +247,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -305,7 +305,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -355,7 +355,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -405,7 +405,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -455,7 +455,7 @@ { "@timestamp": "2020-11-15T00:00:02.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", diff --git a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index be43fea36bd..a27bedc1b8b 100644 --- a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -9,7 +9,7 @@ processors: value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" - set: field: event.kind value: enrichment 
diff --git a/packages/ti_threatq/data_stream/threat/sample_event.json b/packages/ti_threatq/data_stream/threat/sample_event.json index cf0d8f95b16..8ad9ee98bdf 100644 --- a/packages/ti_threatq/data_stream/threat/sample_event.json +++ b/packages/ti_threatq/data_stream/threat/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/ti_threatq/docs/README.md b/packages/ti_threatq/docs/README.md index 5fa9fd10422..51e5c606a40 100644 --- a/packages/ti_threatq/docs/README.md +++ b/packages/ti_threatq/docs/README.md @@ -114,7 +114,7 @@ An example event for `threat` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9cb9fa70-f3e9-45d8-b1cb-61425bd93e1a", diff --git a/packages/ti_threatq/manifest.yml b/packages/ti_threatq/manifest.yml index 208d6687796..4cef7a0b0d8 100644 --- a/packages/ti_threatq/manifest.yml +++ b/packages/ti_threatq/manifest.yml @@ -1,6 +1,6 @@ name: ti_threatq title: ThreatQuotient -version: 1.2.0 +version: 1.3.0 release: ga description: This Elastic integration collects threat intelligence from ThreatQuotient type: integration From 75fb1cd74b50912aee7e1287a41e60c462a007de Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Mon, 28 Feb 2022 13:11:15 -0600 Subject: [PATCH 09/19] Update tomcat to ECS 8.2 --- packages/tomcat/_dev/build/build.yml | 2 +- packages/tomcat/changelog.yml | 5 + .../pipeline/test-generated.log-expected.json | 200 +++++++++--------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../tomcat/data_stream/log/sample_event.json | 2 +- packages/tomcat/manifest.yml | 2 +- 6 files changed, 109 insertions(+), 104 deletions(-) diff --git a/packages/tomcat/_dev/build/build.yml b/packages/tomcat/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/tomcat/_dev/build/build.yml 
+++ b/packages/tomcat/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/tomcat/changelog.yml b/packages/tomcat/changelog.yml index ea6ca28bf26..74281e0c07e 100644 --- a/packages/tomcat/changelog.yml +++ b/packages/tomcat/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.3.0" changes: - description: Update to ECS 8.0.0 diff --git a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index 898c24c6dcc..e3f85d61b15 100644 --- a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078826810Z" @@ -14,7 +14,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078830153Z" @@ -26,7 +26,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078831224Z" @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078832137Z" @@ -50,7 +50,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078833057Z" @@ -62,7 +62,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078833945Z" @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078834809Z" 
@@ -86,7 +86,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078835670Z" @@ -98,7 +98,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078836523Z" @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078837386Z" @@ -122,7 +122,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078838275Z" @@ -134,7 +134,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078839324Z" @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078840200Z" @@ -158,7 +158,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078841073Z" @@ -170,7 +170,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078841945Z" @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078842847Z" @@ -194,7 +194,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078843866Z" @@ -206,7 +206,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078844745Z" @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078845614Z" @@ -230,7 +230,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078846482Z" @@ -242,7 +242,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078847365Z" 
@@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078848252Z" @@ -266,7 +266,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078849117Z" @@ -278,7 +278,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078850125Z" @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078851058Z" @@ -302,7 +302,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078856698Z" @@ -314,7 +314,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078857704Z" @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078858573Z" @@ -338,7 +338,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078859446Z" @@ -350,7 +350,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078860329Z" @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078861270Z" @@ -374,7 +374,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078862131Z" @@ -386,7 +386,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078863022Z" @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078863889Z" @@ -410,7 +410,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078864914Z" 
@@ -422,7 +422,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078865841Z" @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078866761Z" @@ -446,7 +446,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078867688Z" @@ -458,7 +458,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078868610Z" @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078869531Z" @@ -482,7 +482,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078870449Z" @@ -494,7 +494,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078871371Z" @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078872313Z" @@ -518,7 +518,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078873253Z" @@ -530,7 +530,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078874196Z" @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078875122Z" @@ -554,7 +554,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078876050Z" @@ -566,7 +566,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078876985Z" @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078877913Z" 
@@ -590,7 +590,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078878843Z" @@ -602,7 +602,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078879877Z" @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078880821Z" @@ -626,7 +626,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078881751Z" @@ -638,7 +638,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078882679Z" @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078883634Z" @@ -662,7 +662,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078884566Z" @@ -674,7 +674,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078885496Z" @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078886422Z" @@ -698,7 +698,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078887352Z" @@ -710,7 +710,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078888279Z" @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078889228Z" @@ -734,7 +734,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078890152Z" @@ -746,7 +746,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078891082Z" 
@@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078893485Z" @@ -770,7 +770,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078894426Z" @@ -782,7 +782,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078895356Z" @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078896280Z" @@ -806,7 +806,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078897211Z" @@ -818,7 +818,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078898140Z" @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078899070Z" @@ -842,7 +842,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078900058Z" @@ -854,7 +854,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078900982Z" @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078901913Z" @@ -878,7 +878,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078902845Z" @@ -890,7 +890,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078903884Z" @@ -902,7 +902,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078904821Z" @@ -914,7 +914,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078905753Z" 
@@ -926,7 +926,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078906684Z" @@ -938,7 +938,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078907617Z" @@ -950,7 +950,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078908549Z" @@ -962,7 +962,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078909486Z" @@ -974,7 +974,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078910421Z" @@ -986,7 +986,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078911374Z" @@ -998,7 +998,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078912333Z" @@ -1010,7 +1010,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078913271Z" @@ -1022,7 +1022,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078914205Z" @@ -1034,7 +1034,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078915134Z" @@ -1046,7 +1046,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078916072Z" @@ -1058,7 +1058,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078917008Z" @@ -1070,7 +1070,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078917949Z" @@ -1082,7 +1082,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078918881Z" 
@@ -1094,7 +1094,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078919812Z" @@ -1106,7 +1106,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078920743Z" @@ -1118,7 +1118,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078921673Z" @@ -1130,7 +1130,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078922604Z" @@ -1142,7 +1142,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078923534Z" @@ -1154,7 +1154,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078924489Z" @@ -1166,7 +1166,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078925450Z" @@ -1178,7 +1178,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078926387Z" @@ -1190,7 +1190,7 @@ }, { "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "ingested": "2022-01-25T13:05:27.078927311Z" diff --git a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml index bd45092f915..b54c319fc3b 100644 --- a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/tomcat/data_stream/log/sample_event.json b/packages/tomcat/data_stream/log/sample_event.json index 65e69b7e783..638afcab0c2 100644 --- a/packages/tomcat/data_stream/log/sample_event.json 
+++ b/packages/tomcat/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/tomcat/manifest.yml b/packages/tomcat/manifest.yml index 1c377b96f30..a87e45debf7 100644 --- a/packages/tomcat/manifest.yml +++ b/packages/tomcat/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: tomcat title: Apache Tomcat -version: 1.3.0 +version: 1.4.0 description: Collect and parse logs from Apache Tomcat servers with Elastic Agent. categories: ["web", "security"] release: ga From 78fb51cd6bd488774a562e36e7937df067ce9af1 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Mon, 28 Feb 2022 13:13:00 -0600 Subject: [PATCH 10/19] Update udp to ECS 8.2 --- packages/udp/_dev/build/build.yml | 2 +- packages/udp/changelog.yml | 5 +++++ packages/udp/data_stream/generic/sample_event.json | 2 +- packages/udp/manifest.yml | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/packages/udp/_dev/build/build.yml b/packages/udp/_dev/build/build.yml index 08d85edcf9a..d61527283ec 100644 --- a/packages/udp/_dev/build/build.yml +++ b/packages/udp/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.12 + reference: git@8.2 diff --git a/packages/udp/changelog.yml b/packages/udp/changelog.yml index 75c95325622..752947ab3cf 100644 --- a/packages/udp/changelog.yml +++ b/packages/udp/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.1.0" + changes: + - description: Update ECS to 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.0.1" changes: - description: Fixing typo in manifest for listen address diff --git a/packages/udp/data_stream/generic/sample_event.json b/packages/udp/data_stream/generic/sample_event.json index 5313c82a42d..a3ea74519ee 100644 --- a/packages/udp/data_stream/generic/sample_event.json +++ b/packages/udp/data_stream/generic/sample_event.json 
@@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "1.11.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c979ad84-c568-4e38-81eb-76da479696a1", diff --git a/packages/udp/manifest.yml b/packages/udp/manifest.yml index b9a5924764f..313aaa0808e 100644 --- a/packages/udp/manifest.yml +++ b/packages/udp/manifest.yml @@ -3,7 +3,7 @@ name: udp title: Custom UDP Logs description: Collect raw UDP data from listening UDP port with Elastic Agent. type: integration -version: 1.0.1 +version: 1.1.0 release: ga conditions: kibana.version: "^7.16.0 || ^8.0.0" From 4fc07eaba458002847058491e5b1c8983306e834 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Mon, 28 Feb 2022 13:19:01 -0600 Subject: [PATCH 11/19] Update winlog to ECS 8.2 --- packages/winlog/_dev/build/build.yml | 2 +- packages/winlog/changelog.yml | 5 +++++ packages/winlog/docs/README.md | 2 +- packages/winlog/manifest.yml | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/packages/winlog/_dev/build/build.yml b/packages/winlog/_dev/build/build.yml index a138b554aa0..d61527283ec 100644 --- a/packages/winlog/_dev/build/build.yml +++ b/packages/winlog/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.11 + reference: git@8.2 diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index 93fa85cff7b..6562da687a4 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.4.0" changes: - description: Expose winlog input ignore_older option. diff --git a/packages/winlog/docs/README.md b/packages/winlog/docs/README.md index 942ad4797a2..34329c54271 100644 --- a/packages/winlog/docs/README.md +++ b/packages/winlog/docs/README.md 
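Review bot: The `reference: git@8.2` line in packages/winlog/_dev/build/build.yml moves the package from ECS 1.11 across a major version, and the regenerated field table in docs/README.md shows `message` changing from `text` to `match_only_text`, which the changelog entry does not mention. `match_only_text` keeps no positions or scoring, so phrase and interval queries on `message` run slower and span queries are not supported; saved searches and detection rules that query Windows event text this way should be checked before upgrading. The new mapping presumably applies only to backing indices created after the upgrade, so one data stream can hold both field types for a while. I would make the changelog description say so, for example `description: Update to ECS 8.2. The message field is now mapped as match_only_text.`, and replace the `pull/xxxx` placeholder in `link` with the real pull-request number. The udp package's build.yml makes a similar jump from `git@1.12`, so the same may apply there.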
@@ -34,7 +34,7 @@ To achieve this, `renderXml` needs to be set to `1` in your [inputs.conf](https:
 | event.module | Event module | constant_keyword |
 | input.type | Type of Filebeat input. | keyword |
 | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword |
-| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text |
+| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | tags | User defined tags | keyword |
 | winlog.activity_id | A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. | keyword |
 | winlog.api | The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. The Event Logging API was designed for Windows Server 2003 or Windows 2000 operating systems. In Windows Vista, the event logging infrastructure was redesigned. On Windows Vista or later operating systems, the Windows Event Log API is used. Winlogbeat automatically detects which API to use for reading event logs. | keyword |
diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml
index 32c6341ccc4..15f5a35950c 100644
--- a/packages/winlog/manifest.yml
+++ b/packages/winlog/manifest.yml
@@ -3,7 +3,7 @@ name: winlog
 title: Custom Windows Event Logs
 description: Collect and parse logs from any Windows event log channel with Elastic Agent.
 type: integration
-version: 1.4.0
+version: 1.5.0
 release: ga
 conditions:
 kibana.version: '^7.16.0 || ^8.0.0'
From fa9bd8d57e0b174220bbcdba114e260044028f33 Mon Sep 17 00:00:00 2001
From: Taylor Swanson Date: Mon, 28 Feb 2022 13:37:16 -0600 Subject: [PATCH 12/19] Update zeek to ECS 8.2 --- packages/zeek/_dev/build/build.yml | 2 +- packages/zeek/changelog.yml | 5 +++ .../test-capture-loss.log-expected.json | 12 +++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-conn.log-expected.json | 36 +++++++++---------- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-dce-rpc.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-dhcp.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-dnp3.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-dns.log-expected.json | 16 ++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-dpd.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-files.log-expected.json | 18 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ftp.log-expected.json | 8 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-http.log-expected.json | 18 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-intel.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-irc.log-expected.json | 8 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-kerberos.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-modbus.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-mysql.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-notice.log-expected.json | 10 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ntlm.log-expected.json | 4 +-- 
.../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ntp.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ocsp.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-pe.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-radius.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-rdp.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-rfb.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-signature.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-sip.log-expected.json | 12 +++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-smb-cmd.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-smb-files.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test-smb-mapping.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-smtp.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-snmp.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-socks.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ssh.log-expected.json | 10 +++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-ssl.log-expected.json | 20 +++++------ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-stats.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test-traceroute.log-expected.json | 4 +-- 
.../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-tunnel.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pipeline/test-weird.log-expected.json | 6 ++-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test/pipeline/test-x509.log-expected.json | 4 +-- .../elasticsearch/ingest_pipeline/default.yml | 2 +- packages/zeek/manifest.yml | 2 +- 80 files changed, 187 insertions(+), 182 deletions(-) diff --git a/packages/zeek/_dev/build/build.yml b/packages/zeek/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/zeek/_dev/build/build.yml +++ b/packages/zeek/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index 45ef5b72fa0..d1b9641a833 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.6.0" changes: - description: Update to ECS 8.0 diff --git a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json index e1717a48fd0..df3b79de48e 100644 --- a/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json +++ b/packages/zeek/data_stream/capture_loss/_dev/test/pipeline/test-capture-loss.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-09-10T16:19:28.465Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -27,7 +27,7 @@ { "@timestamp": "2021-03-30T00:04:00.941Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", 
@@ -51,7 +51,7 @@ { "@timestamp": "2021-03-30T00:19:00.942Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -75,7 +75,7 @@ { "@timestamp": "2021-03-30T00:34:00.942Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -99,7 +99,7 @@ { "@timestamp": "2021-03-30T00:49:00.942Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -123,7 +123,7 @@ { "@timestamp": "2019-09-10T16:19:28.465Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml index 4f050212bc3..64ee568df74 100644 --- a/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml @@ -23,7 +23,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - date: field: zeek.capture_loss.ts formats: diff --git a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json index f7e976dc252..fa7c6801da2 100644 --- a/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json +++ b/packages/zeek/data_stream/connection/_dev/test/pipeline/test-conn.log-expected.json @@ -10,7 +10,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -91,7 +91,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -172,7 +172,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", 
@@ -269,7 +269,7 @@ "packets": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -349,7 +349,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -427,7 +427,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -506,7 +506,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -585,7 +585,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -646,7 +646,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -708,7 +708,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -770,7 +770,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -832,7 +832,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -894,7 +894,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -956,7 +956,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -1016,7 +1016,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -1076,7 +1076,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -1154,7 +1154,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -1242,7 +1242,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", 
diff --git a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml index 4a2c9d8f4e6..bba287f0884 100644 --- a/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/connection/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json index de4913accca..084ae9146cc 100644 --- a/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json +++ b/packages/zeek/data_stream/dce_rpc/_dev/test/pipeline/test-dce-rpc.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "BrowserrQueryOtherDomains", @@ -62,7 +62,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "BrowserrQueryOtherDomains", diff --git a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml index 74797bf26bc..23954cb743a 100644 --- a/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dce_rpc/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json index 3abd6ddb976..ffb24e0ffab 100644 
--- a/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json +++ b/packages/zeek/data_stream/dhcp/_dev/test/pipeline/test-dhcp.log-expected.json @@ -11,7 +11,7 @@ "port": 67 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -91,7 +91,7 @@ "port": 67 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -165,7 +165,7 @@ "port": 67 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml index 41cc6b2c024..ab1f20f072e 100644 --- a/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml @@ -23,7 +23,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json index dbc76b0f343..5d4153b6fb5 100644 --- a/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json +++ b/packages/zeek/data_stream/dnp3/_dev/test/pipeline/test-dnp3.log-expected.json @@ -8,7 +8,7 @@ "port": 20000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "read", @@ -60,7 +60,7 @@ "port": 20000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "read", diff --git a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml index 1fad80a0b1b..cee9af148cc 100644 --- a/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dnp3/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index 3f540e5d438..2a32e407013 100644 --- a/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/zeek/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -42,7 +42,7 @@ "type": "answer" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -125,7 +125,7 @@ "type": "query" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -201,7 +201,7 @@ "type": "answer" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -297,7 +297,7 @@ "type": "answer" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -395,7 +395,7 @@ "type": "answer" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -534,7 +534,7 @@ "type": "answer" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -650,7 +650,7 @@ "type": "answer" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -734,7 +734,7 @@ "type": "answer" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index 3d9df3f54d9..b644e013216 100644 --- a/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json index 93bfa45f684..f694dd8452c 100644 --- a/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json +++ b/packages/zeek/data_stream/dpd/_dev/test/pipeline/test-dpd.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -57,7 +57,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml index 8bf55b4fe05..7b6b01f0cf7 100644 --- a/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/dpd/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json index 96dc36da3ba..4a6a0267962 100644 --- a/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json +++ b/packages/zeek/data_stream/files/_dev/test/pipeline/test-files.log-expected.json @@ -6,7 +6,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -78,7 +78,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -150,7 +150,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -222,7 +222,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ 
@@ -298,7 +298,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -374,7 +374,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -450,7 +450,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -522,7 +522,7 @@ "ip": "10.156.0.2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -598,7 +598,7 @@ "ip": "10.178.98.102" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml index de77b603d21..ab428a1072f 100644 --- a/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/files/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: file diff --git a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json index bbd96f4dade..1713c7838ac 100644 --- a/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json +++ b/packages/zeek/data_stream/ftp/_dev/test/pipeline/test-ftp.log-expected.json @@ -8,7 +8,7 @@ "port": 21 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "EPSV", @@ -77,7 +77,7 @@ "port": 21 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RETR", @@ -144,7 +144,7 @@ "port": 21 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "STOR", @@ -208,7 +208,7 @@ "port": 21 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "STOR", 
diff --git a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml index fe0fd2315e1..d9c6c67abe8 100644 --- a/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ftp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json index a46917c6e81..37e5108ea62 100644 --- a/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json +++ b/packages/zeek/data_stream/http/_dev/test/pipeline/test-http.log-expected.json @@ -26,7 +26,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GET", @@ -138,7 +138,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GET", @@ -244,7 +244,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -335,7 +335,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -426,7 +426,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -517,7 +517,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -608,7 +608,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -699,7 +699,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GET", @@ -795,7 +795,7 @@ "port": 7000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GET", 
diff --git a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml index d9935a8e86e..6890b37b9d5 100644 --- a/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/http/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json index 82e24747309..180e91ec47e 100644 --- a/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json +++ b/packages/zeek/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json @@ -26,7 +26,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -98,7 +98,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml index 35669d8b035..9b6de052b23 100644 --- a/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/intel/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: enrichment - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: threat diff --git a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json index 23551e54618..d8e4017f44b 100644 --- a/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json +++ b/packages/zeek/data_stream/irc/_dev/test/pipeline/test-irc.log-expected.json 
@@ -26,7 +26,7 @@ "port": 8000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "USER", @@ -97,7 +97,7 @@ "port": 8000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NICK", @@ -174,7 +174,7 @@ "port": 8000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "JOIN", @@ -252,7 +252,7 @@ "port": 8000 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "JOIN", diff --git a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml index 88ca30b5a9e..7dab55e0643 100644 --- a/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/irc/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json index 70db7c353b4..9a5830a6bdd 100644 --- a/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json +++ b/packages/zeek/data_stream/kerberos/_dev/test/pipeline/test-kerberos.log-expected.json @@ -11,7 +11,7 @@ "port": 88 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TGS", @@ -117,7 +117,7 @@ "port": 88 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TGS", diff --git a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml index 9984fe00f2a..65cb1102323 100644 --- a/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json index eefa6c3b2fd..b2ab760d806 100644 --- a/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json +++ b/packages/zeek/data_stream/modbus/_dev/test/pipeline/test-modbus.log-expected.json @@ -8,7 +8,7 @@ "port": 502 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "READ_COILS", @@ -59,7 +59,7 @@ "port": 502 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "READ_COILS", diff --git a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml index a1982eae61a..eadf6392956 100644 --- a/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/modbus/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json index 0046c1dc382..b415e326e08 100644 --- a/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json +++ b/packages/zeek/data_stream/mysql/_dev/test/pipeline/test-mysql.log-expected.json @@ -8,7 +8,7 @@ "port": 3306 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "query", @@ -63,7 +63,7 @@ "port": 3306 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "query", 
diff --git a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml index b858a3408df..73cc853ac05 100644 --- a/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json index aac6404d2d0..0c4214ef700 100644 --- a/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json +++ b/packages/zeek/data_stream/notice/_dev/test/pipeline/test-notice.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2011-11-04T19:44:35.879Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -72,7 +72,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -137,7 +137,7 @@ { "@timestamp": "2021-03-30T09:49:00.958Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -194,7 +194,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -270,7 +270,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml index 451ef44c427..0e1ff118bd8 100644 --- a/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/notice/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: alert - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: intrusion_detection diff --git a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json index 715f4d7ba2e..aee721c9b39 100644 --- a/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json +++ b/packages/zeek/data_stream/ntlm/_dev/test/pipeline/test-ntlm.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -74,7 +74,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml index 8734b4f1f9a..f9a93083419 100644 --- a/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ntlm/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json index fc46a924312..29b0b81453e 100644 --- a/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json +++ b/packages/zeek/data_stream/ntp/_dev/test/pipeline/test-ntp.log-expected.json @@ -26,7 +26,7 @@ "port": 123 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -122,7 +122,7 @@ "port": 123 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", 
diff --git a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml index f909d3df7e2..4c4b978b5f2 100644 --- a/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: event.kind value: event diff --git a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json index fcb0058dfdc..010d35ac4cd 100644 --- a/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json +++ b/packages/zeek/data_stream/ocsp/_dev/test/pipeline/test-ocsp.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2011-06-10T13:27:01.847Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -41,7 +41,7 @@ { "@timestamp": "2011-06-08T19:46:56.100Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -76,7 +76,7 @@ { "@timestamp": "2011-06-08T19:46:56.100Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml index 59eadcc2bee..a3623d50642 100644 --- a/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ocsp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: network.transport value: tcp 
diff --git a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json index e70ebb6030c..38af29f3453 100644 --- a/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json +++ b/packages/zeek/data_stream/pe/_dev/test/pipeline/test-pe.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2017-10-09T16:13:19.578Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -49,7 +49,7 @@ { "@timestamp": "2017-10-09T16:13:19.578Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml index 1900d212c19..d088ca43e66 100644 --- a/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/pe/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: file diff --git a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json index 38f3fab3220..69b99e53823 100644 --- a/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json +++ b/packages/zeek/data_stream/radius/_dev/test/pipeline/test-radius.log-expected.json @@ -8,7 +8,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -67,7 +67,7 @@ "port": 1812 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml index 86a9ddb537e..68bc5af8ec6 100644 
--- a/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/radius/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json index 1688a21aac9..7d0ca13c8ef 100644 --- a/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json +++ b/packages/zeek/data_stream/rdp/_dev/test/pipeline/test-rdp.log-expected.json @@ -8,7 +8,7 @@ "port": 3389 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -65,7 +65,7 @@ "port": 3389 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml index 527b57a520c..0b9239802b6 100644 --- a/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/rdp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json index 909a0de91a8..3185c231ad8 100644 --- a/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json +++ b/packages/zeek/data_stream/rfb/_dev/test/pipeline/test-rfb.log-expected.json @@ -8,7 +8,7 @@ "port": 5900 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ 
@@ -74,7 +74,7 @@ "port": 5900 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml index 047c7d2b505..d4a40669195 100644 --- a/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/rfb/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json index bfbf8c71f29..b188eddbaf3 100644 --- a/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json +++ b/packages/zeek/data_stream/signature/_dev/test/pipeline/test-signature.log-expected.json @@ -26,7 +26,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", diff --git a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml index 8b78f90eea8..496fef99875 100644 --- a/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml @@ -24,7 +24,7 @@ processors: copy_from: "@timestamp" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: event.kind value: alert diff --git a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json index 6f84a12696a..ea6626fbd25 100644 --- a/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json 
+++ b/packages/zeek/data_stream/sip/_dev/test/pipeline/test-sip.log-expected.json @@ -26,7 +26,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REGISTER", @@ -126,7 +126,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "INVITE", @@ -245,7 +245,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REGISTER", @@ -343,7 +343,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "OPTIONS", @@ -432,7 +432,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "OPTIONS", @@ -539,7 +539,7 @@ "port": 5060 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REGISTER", diff --git a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml index 4aeab81cc2a..5715594d2bb 100644 --- a/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/sip/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json index d39eef0306d..8778d4660a2 100644 --- a/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json +++ b/packages/zeek/data_stream/smb_cmd/_dev/test/pipeline/test-smb-cmd.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NT_CREATE_ANDX", @@ -74,7 +74,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NT_CREATE_ANDX", 
diff --git a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml index 4d46a6854d7..95e997eaaf4 100644 --- a/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smb_cmd/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json index 2b84ded7deb..5d8dd6e1557 100644 --- a/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json +++ b/packages/zeek/data_stream/smb_files/_dev/test/pipeline/test-smb-files.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SMB::FILE_OPEN", @@ -78,7 +78,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SMB::FILE_OPEN", diff --git a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml index 17ded4779a0..b83f7694983 100644 --- a/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smb_files/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json index fac4eed0592..6faab414fa3 100644 
--- a/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json +++ b/packages/zeek/data_stream/smb_mapping/_dev/test/pipeline/test-smb-mapping.log-expected.json @@ -8,7 +8,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -58,7 +58,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml index 0a42d138fa5..16e5f99675a 100644 --- a/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smb_mapping/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json index 527af487fe0..0c2767f1701 100644 --- a/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json +++ b/packages/zeek/data_stream/smtp/_dev/test/pipeline/test-smtp.log-expected.json @@ -8,7 +8,7 @@ "port": 25 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ "port": 25 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml index b812255572c..bb7b23af88a 100644 --- a/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json index 75498fafee1..4b774af2e79 100644 --- a/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json +++ b/packages/zeek/data_stream/snmp/_dev/test/pipeline/test-snmp.log-expected.json @@ -8,7 +8,7 @@ "port": 161 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -68,7 +68,7 @@ "port": 161 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -145,7 +145,7 @@ "port": 161 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml index e9dcf482efb..dc178f2c1f6 100644 --- a/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/snmp/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json index 87ca06abeb0..c3ee99484db 100644 --- a/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json +++ b/packages/zeek/data_stream/socks/_dev/test/pipeline/test-socks.log-expected.json @@ -8,7 +8,7 @@ "port": 8080 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -66,7 +66,7 @@ "port": 8080 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ 
diff --git a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml index e01a500e8b6..2550b213faa 100644 --- a/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/socks/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json index d31aded7521..87b984d74b5 100644 --- a/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json +++ b/packages/zeek/data_stream/ssh/_dev/test/pipeline/test-ssh.log-expected.json @@ -8,7 +8,7 @@ "port": 22 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -72,7 +72,7 @@ "port": 22 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -143,7 +143,7 @@ "port": 22 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -214,7 +214,7 @@ "port": 22 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -285,7 +285,7 @@ "port": 22 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml index b78c97a3bcf..514d34d1d30 100644 --- a/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ssh/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network 
diff --git a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json index a441e4b886b..934857aaffd 100644 --- a/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json +++ b/packages/zeek/data_stream/ssl/_dev/test/pipeline/test-ssl.log-expected.json @@ -29,7 +29,7 @@ "port": 9243 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -154,7 +154,7 @@ "port": 9243 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -279,7 +279,7 @@ "port": 9243 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -404,7 +404,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -468,7 +468,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -548,7 +548,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -628,7 +628,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -726,7 +726,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -800,7 +800,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -898,7 +898,7 @@ "port": 9243 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml index a784ecd8e0b..d18e3cd5a1f 100644 --- a/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/ssl/elasticsearch/ingest_pipeline/default.yml 
@@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json index e4190ce74de..d77fac9a811 100644 --- a/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json +++ b/packages/zeek/data_stream/stats/_dev/test/pipeline/test-stats.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2016-10-16T08:17:58.714Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -65,7 +65,7 @@ { "@timestamp": "2016-10-16T08:17:58.714Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml index 2c90b966743..cbff62956ee 100644 --- a/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/stats/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: zeek.stats.mem target_field: zeek.stats.memory diff --git a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml index 8cb19372511..28a9b402b81 100644 --- a/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: network.protocol value: syslog 
diff --git a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json index 74701fb51ba..24e31991b53 100644 --- a/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json +++ b/packages/zeek/data_stream/traceroute/_dev/test/pipeline/test-traceroute.log-expected.json @@ -25,7 +25,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -81,7 +81,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml index 3855c34b34f..0f3451e3043 100644 --- a/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/traceroute/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json index d796e552870..4b890281863 100644 --- a/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json +++ b/packages/zeek/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json @@ -26,7 +26,7 @@ "port": 8080 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Tunnel::DISCOVER", @@ -104,7 +104,7 @@ "port": 8080 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Tunnel::DISCOVER", 
diff --git a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml index 76e61e7e045..d118d8f285c 100644 --- a/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json index 2d6f7b57153..d2ed6f6ca88 100644 --- a/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json +++ b/packages/zeek/data_stream/weird/_dev/test/pipeline/test-weird.log-expected.json @@ -8,7 +8,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -48,7 +48,7 @@ { "@timestamp": "2020-01-28T16:00:59.342Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -80,7 +80,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml index b99138da6e6..7d2b1edcf35 100644 --- a/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/weird/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: network diff --git a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json index cad0575a168..8fa0a412f49 100644 
--- a/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json +++ b/packages/zeek/data_stream/x509/_dev/test/pipeline/test-x509.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-12-03T20:00:00.143Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", @@ -225,7 +225,7 @@ { "@timestamp": "2018-12-03T20:00:00.143Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "created": "2020-04-28T11:07:58.223Z", diff --git a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml index 94d03c334e3..ddaa08d64ba 100644 --- a/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zeek/data_stream/x509/elasticsearch/ingest_pipeline/default.yml @@ -26,7 +26,7 @@ processors: value: event - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.type value: info diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml index a3a898738f9..69ac9fc58e2 100644 --- a/packages/zeek/manifest.yml +++ b/packages/zeek/manifest.yml @@ -1,6 +1,6 @@ name: zeek title: Zeek Logs -version: 1.6.0 +version: 1.7.0 release: ga description: Collect and parse logs from Zeek network security with Elastic Agent. type: integration From dbe7d9b54f2587b6892b2025c6f6b8df213f67f2 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Mon, 28 Feb 2022 13:40:48 -0600 Subject: [PATCH 13/19] Update zerofox to ECS 8.2 --- packages/zerofox/_dev/build/build.yml | 2 +- packages/zerofox/changelog.yml | 5 +++++ .../alerts/_dev/test/pipeline/test-alert.json-expected.json | 6 +++--- .../alerts/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/zerofox/manifest.yml | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/packages/zerofox/_dev/build/build.yml b/packages/zerofox/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 
--- a/packages/zerofox/_dev/build/build.yml +++ b/packages/zerofox/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml index e984a731bc4..bd7d3c3ff60 100644 --- a/packages/zerofox/changelog.yml +++ b/packages/zerofox/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update to ECS 8.1 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.2.0" changes: - description: Update to ECS 8.0 diff --git a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json index affd2ae9a7a..be9dcbbed11 100644 --- a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json +++ b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-04-29T18:56:51.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "rule": { "name": "Advanced Domain Analysis - Typosquat Match", @@ -61,7 +61,7 @@ { "@timestamp": "2021-05-06T13:50:48.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "rule": { "name": "Mentions", @@ -128,7 +128,7 @@ { "@timestamp": "2021-05-05T19:22:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "rule": { "name": "Impersonation - Name", diff --git a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 2bd81eec897..6bc191278f9 100644 --- a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml 
@@ -7,7 +7,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" ## Event JSON decoding. - rename: diff --git a/packages/zerofox/manifest.yml b/packages/zerofox/manifest.yml index c1eba0f0df9..bcba3369d6f 100644 --- a/packages/zerofox/manifest.yml +++ b/packages/zerofox/manifest.yml @@ -1,6 +1,6 @@ name: zerofox title: ZeroFox -version: 1.2.0 +version: 1.3.0 release: ga description: Collect data from ZeroFox Cloud Platform with Elastic Agent. type: integration From 9c6bb7df09778f4fb3aa19d34686893ffdf5cd19 Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Mon, 28 Feb 2022 13:44:33 -0600 Subject: [PATCH 14/19] Update zoom to ECS 8.2 --- packages/zoom/_dev/build/build.yml | 2 +- packages/zoom/changelog.yml | 5 ++++ .../pipeline/test-account.json-expected.json | 6 ++-- .../test-chat-channel.json-expected.json | 12 ++++---- .../test-chat-message.json-expected.json | 6 ++-- .../pipeline/test-meeting.json-expected.json | 30 +++++++++---------- .../pipeline/test-phone.json-expected.json | 22 +++++++------- .../test-recording.json-expected.json | 26 ++++++++-------- .../pipeline/test-user.json-expected.json | 26 ++++++++-------- .../pipeline/test-webinar.json-expected.json | 28 ++++++++--------- .../pipeline/test-zoomroom.json-expected.json | 8 ++--- .../elasticsearch/ingest_pipeline/default.yml | 2 +- packages/zoom/manifest.yml | 2 +- 13 files changed, 90 insertions(+), 85 deletions(-) diff --git a/packages/zoom/_dev/build/build.yml b/packages/zoom/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/zoom/_dev/build/build.yml +++ b/packages/zoom/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/zoom/changelog.yml b/packages/zoom/changelog.yml index 0ad594fa685..1abe4319c52 100644 --- a/packages/zoom/changelog.yml +++ b/packages/zoom/changelog.yml 
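Review bot: The 1.3.0 changelog entry added earlier in this patch (`packages/zerofox/changelog.yml`) says `Update to ECS 8.1`, while this hunk sets `ecs.version` to `"8.2.0"`. The build reference (`git@8.2`), the expected test output and the patch subject all say 8.2 as well, so the entry should read `- description: Update to ECS 8.2`. The same entry's `link:` still ends in the placeholder `pull/xxxx`, as does the zoom changelog entry in the next patch; both should carry the real pull-request number before merge.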
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "1.2.0" changes: - description: Update to ECS 8.0 diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json index 06693cdb731..34acd662dde 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -54,7 +54,7 @@ }, "@timestamp": "2019-07-01T17:03:04.527Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -109,7 +109,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json index 714e01639c6..1f6df58aafe 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json @@ -7,7 +7,7 @@ }, "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -49,7 +49,7 @@ }, "@timestamp": "2020-02-10T21:59:05.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -88,7 +88,7 @@ }, "@timestamp": "2020-02-10T21:59:05.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -127,7 +127,7 @@ }, "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -168,7 +168,7 @@ }, "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -207,7 +207,7 @@ }, "@timestamp": "2020-02-10T21:39:50.388Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json index f56777fa018..e21e3db2a9d 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json @@ -7,7 +7,7 @@ }, "@timestamp": "2020-02-11T22:02:11.930Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -50,7 +50,7 @@ }, "@timestamp": "2020-02-11T23:00:08.594Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -93,7 +93,7 @@ }, "@timestamp": "2020-02-11T23:00:08.594Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json index 927321fb540..ee04a984680 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -46,7 +46,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -90,7 +90,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -148,7 +148,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -192,7 +192,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -232,7 +232,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -273,7 +273,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -324,7 +324,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -375,7 +375,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -422,7 +422,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -475,7 +475,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -529,7 +529,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -572,7 +572,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -615,7 +615,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -662,7 +662,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json index f0e50746611..253394b47ab 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json 
@@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -54,7 +54,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -103,7 +103,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -150,7 +150,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -199,7 +199,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -244,7 +244,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -293,7 +293,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -342,7 +342,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -390,7 +390,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -448,7 +448,7 @@ "account_id": "EPebnxvbdn342MA" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "phone.caller_call_log_completed", @@ -473,7 +473,7 @@ "account_id": "EPeQt3543hvxzc" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "phone.callee_call_log_completed", diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json index 3dd4816f3af..318d444ea3c 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -51,7 +51,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -95,7 +95,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -139,7 +139,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -185,7 +185,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -233,7 +233,7 @@ }, "@timestamp": "2019-12-04T23:00:57.395Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -279,7 +279,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -325,7 +325,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -371,7 +371,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -417,7 +417,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -463,7 +463,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -513,7 +513,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -563,7 +563,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json index e42508c9ac5..4b7e8ac11e2 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -50,7 +50,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -93,7 +93,7 @@ }, "@timestamp": "2019-07-19T18:10:54.861Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -143,7 +143,7 @@ }, "@timestamp": "2019-07-19T21:47:06.929Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -202,7 +202,7 @@ }, "@timestamp": "2020-06-29T17:32:19.427Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -256,7 +256,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -306,7 +306,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -356,7 +356,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -406,7 +406,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -456,7 +456,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -496,7 +496,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -543,7 +543,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -584,7 +584,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json index 1f9bbf51535..ccf4a26f1f0 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json @@ -6,7 +6,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -50,7 +50,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -105,7 +105,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -149,7 +149,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -191,7 +191,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -233,7 +233,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -270,7 +270,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -324,7 +324,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -378,7 +378,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -430,7 +430,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -484,7 +484,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -536,7 +536,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -587,7 +587,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -636,7 +636,7 @@ "vendor": "Zoom" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json index 61718ad9cc8..52f543b70df 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json 
@@ -19,7 +19,7 @@ "account_id": "EPAbcdefyZslakjflP" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "zoomroom.alert", @@ -48,7 +48,7 @@ "account_id": "EPAbcdefyZslakjflP" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "zoomroom.delayed_alert", @@ -77,7 +77,7 @@ "account_id": "vhdnmf673q2543rfhgsca" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "zoomroom.checked_in", @@ -110,7 +110,7 @@ "account_id": "vhdnmf673q2543rfhgsca" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "zoomroom.checked_in", diff --git a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml index 17b3fcd9493..7904d34fa79 100644 --- a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml @@ -12,7 +12,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: 8.0.0 + value: 8.2.0 - script: description: Drops null/empty values recursively lang: painless diff --git a/packages/zoom/manifest.yml b/packages/zoom/manifest.yml index 8ded9454d99..4b8b103e657 100644 --- a/packages/zoom/manifest.yml +++ b/packages/zoom/manifest.yml @@ -1,6 +1,6 @@ name: zoom title: Zoom -version: 1.2.0 +version: 1.3.0 release: ga description: Collect data from Zoom Platform API with Elastic Agent. type: integration From 9e6b0a4a381809f035480c1ca923bfe4d8383303 Mon Sep 17 00:00:00 2001 
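Review bot: `value: 8.2.0` in the zoom webhook pipeline is left as an unquoted YAML scalar, unlike the zerofox (`"8.2.0"`) and zscaler_zia (`'8.2.0'`) pipelines in this series. It still resolves to a string because a three-part version is not a valid number, but a two-part value such as `8.2` would load as a float. Writing `value: '8.2.0'` keeps `ecs.version` a string regardless and matches the other packages. The `processors:` list starts and continues outside the hunk.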
From: Taylor Swanson Date: Mon, 28 Feb 2022 13:47:58 -0600 Subject: [PATCH 15/19] Update zscaler_zia to ECS 8.2 --- packages/zscaler_zia/_dev/build/build.yml | 2 +- packages/zscaler_zia/changelog.yml | 5 +++++ .../_dev/test/pipeline/test-alerts.log-expected.json | 6 +++--- .../alerts/elasticsearch/ingest_pipeline/default.yml | 2 +- .../zscaler_zia/data_stream/alerts/sample_event.json | 2 +- .../dns/_dev/test/pipeline/test-dns.log-expected.json | 2 +- .../dns/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/zscaler_zia/data_stream/dns/sample_event.json | 2 +- .../_dev/test/pipeline/test-firewall.log-expected.json | 2 +- .../firewall/elasticsearch/ingest_pipeline/default.yml | 2 +- .../zscaler_zia/data_stream/firewall/sample_event.json | 2 +- .../_dev/test/pipeline/test-tunnel.log-expected.json | 6 +++--- .../tunnel/elasticsearch/ingest_pipeline/default.yml | 2 +- .../zscaler_zia/data_stream/tunnel/sample_event.json | 2 +- .../web/_dev/test/pipeline/test-web.log-expected.json | 10 +++++----- .../web/elasticsearch/ingest_pipeline/default.yml | 2 +- packages/zscaler_zia/data_stream/web/sample_event.json | 2 +- packages/zscaler_zia/docs/README.md | 10 +++++----- packages/zscaler_zia/manifest.yml | 2 +- 19 files changed, 35 insertions(+), 30 deletions(-) diff --git a/packages/zscaler_zia/_dev/build/build.yml b/packages/zscaler_zia/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/zscaler_zia/_dev/build/build.yml +++ b/packages/zscaler_zia/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml index 3ecf65eb1b4..9c00d754d5f 100644 --- a/packages/zscaler_zia/changelog.yml +++ b/packages/zscaler_zia/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update ECS to 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "0.1.0" changes: - description: Initial draft of the package diff --git a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json index a19f45c9247..22942b16e48 100644 --- a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json +++ b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-alerts.log-expected.json @@ -8,7 +8,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "original": "\u003c114\u003eDec 10 14:04:28 [175.16.199.1] ZscalerNSS: Zscaler cloud configuration connection to 175.16.199.1:443 lost and unavailable for the past 2325.00 minutes" @@ -41,7 +41,7 @@ "port": 9012 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "original": "\u003c114\u003eDec 10 13:40:32 [81.2.69.193] ZscalerNSS: SIEM Feed connection \"DNS Logs Feed\" to 81.2.69.193:9012 lost and unavailable for the past 2440.00 minutes" @@ -74,7 +74,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "original": "\u003c114\u003eDec 10 13:44:07 [81.2.69.193] Hey, that's a new type of alert. Isn't it?" diff --git a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 8f9acf997c5..ecf2838641e 100644 --- a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler alert logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/alerts/sample_event.json b/packages/zscaler_zia/data_stream/alerts/sample_event.json index 0749ca369ad..ee7917801a3 100644 --- a/packages/zscaler_zia/data_stream/alerts/sample_event.json +++ b/packages/zscaler_zia/data_stream/alerts/sample_event.json @@ -19,7 +19,7 @@ "port": 9012 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json index 86a5cb3258d..89acc126516 100644 --- a/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/zscaler_zia/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", diff --git a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index cbad42a808a..d6361516e52 100644 --- a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler dns logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/dns/sample_event.json b/packages/zscaler_zia/data_stream/dns/sample_event.json index 86b91a6988c..b668ffd2eca 100644 --- a/packages/zscaler_zia/data_stream/dns/sample_event.json +++ b/packages/zscaler_zia/data_stream/dns/sample_event.json 
@@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json index 89906aa930a..9deec3338d7 100644 --- a/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json +++ b/packages/zscaler_zia/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json @@ -6,7 +6,7 @@ "bytes": 1734 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop", diff --git a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index f27a8cfea02..37e03b1b8d9 100644 --- a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler firewall logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/firewall/sample_event.json b/packages/zscaler_zia/data_stream/firewall/sample_event.json index d5914ddf13b..7af4124c4aa 100644 --- a/packages/zscaler_zia/data_stream/firewall/sample_event.json +++ b/packages/zscaler_zia/data_stream/firewall/sample_event.json @@ -17,7 +17,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json index 54bb7c4ed21..005d8cff8e4 100644 
--- a/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json +++ b/packages/zscaler_zia/data_stream/tunnel/_dev/test/pipeline/test-tunnel.log-expected.json @@ -6,7 +6,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -93,7 +93,7 @@ "port": 500 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "network", @@ -156,7 +156,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "IPsec tunnel is up", diff --git a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml index a62b7ab78ee..2aa4e04f47e 100644 --- a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler tunnel logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/tunnel/sample_event.json b/packages/zscaler_zia/data_stream/tunnel/sample_event.json index eebfed78d8f..b3aa970bfcf 100644 --- a/packages/zscaler_zia/data_stream/tunnel/sample_event.json +++ b/packages/zscaler_zia/data_stream/tunnel/sample_event.json @@ -17,7 +17,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json index 843447fd7e5..60dd7bde1fd 100644 --- a/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json 
+++ b/packages/zscaler_zia/data_stream/web/_dev/test/pipeline/test-web.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", @@ -229,7 +229,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", @@ -340,7 +340,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", @@ -451,7 +451,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "blocked", diff --git a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml index bc5bf2cebf9..90c10a9c8e3 100644 --- a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler web logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zia/data_stream/web/sample_event.json b/packages/zscaler_zia/data_stream/web/sample_event.json index 7d38b9cbfee..061a72cef5a 100644 --- a/packages/zscaler_zia/data_stream/web/sample_event.json +++ b/packages/zscaler_zia/data_stream/web/sample_event.json @@ -23,7 +23,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/docs/README.md b/packages/zscaler_zia/docs/README.md index 7061e349800..a6ffea867e7 100644 --- a/packages/zscaler_zia/docs/README.md +++ b/packages/zscaler_zia/docs/README.md 
@@ -195,7 +195,7 @@ An example event for `alerts` looks as following: "port": 9012 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", @@ -365,7 +365,7 @@ An example event for `dns` looks as following: } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", @@ -555,7 +555,7 @@ An example event for `firewall` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", @@ -772,7 +772,7 @@ An example event for `tunnel` looks as following: "ip": "81.2.69.143" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", @@ -1003,7 +1003,7 @@ An example event for `web` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23", diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml index adbe54947e9..512bcc59559 100644 --- a/packages/zscaler_zia/manifest.yml +++ b/packages/zscaler_zia/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: zscaler_zia title: "Zscaler Internet Access" -version: 0.1.0 +version: 0.2.0 license: basic description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent. type: integration From 2d8f9e534a837c94bb9776a4754617689b5f4e1d Mon Sep 17 00:00:00 2001 
From: Taylor Swanson Date: Mon, 7 Mar 2022 11:48:22 -0600 Subject: [PATCH 16/19] Update zscaler_zpa to ECS 8.2 --- packages/zscaler_zpa/_dev/build/build.yml | 2 +- packages/zscaler_zpa/changelog.yml | 5 +++++ .../test-app-connector-status.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/app_connector_status/sample_event.json | 2 +- .../_dev/test/pipeline/test-audit.log-expected.json | 4 ++-- .../audit/elasticsearch/ingest_pipeline/default.yml | 2 +- .../zscaler_zpa/data_stream/audit/sample_event.json | 2 +- .../pipeline/test-browser-access.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/browser_access/sample_event.json | 2 +- .../test/pipeline/test-user-activity.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/user_activity/sample_event.json | 2 +- .../test/pipeline/test-user-status.log-expected.json | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/user_status/sample_event.json | 2 +- packages/zscaler_zpa/docs/README.md | 10 +++++----- packages/zscaler_zpa/manifest.yml | 2 +- 19 files changed, 28 insertions(+), 23 deletions(-) diff --git a/packages/zscaler_zpa/_dev/build/build.yml b/packages/zscaler_zpa/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/zscaler_zpa/_dev/build/build.yml +++ b/packages/zscaler_zpa/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml index edddc2672b6..f43cb41b273 100644 --- a/packages/zscaler_zpa/changelog.yml +++ b/packages/zscaler_zpa/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update ECS to 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/xxxx - version: "0.1.1" changes: - description: Updated the README to describe the Zscaler ZPA setup process. diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json index b6303581762..1111bb2246e 100644 --- a/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json +++ b/packages/zscaler_zpa/data_stream/app_connector_status/_dev/test/pipeline/test-app-connector-status.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "package", diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml index 12f6f6975ce..ea84f5ecb96 100644 --- a/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zscaler_zpa/data_stream/app_connector_status/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Zscaler app connector status logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json index 709f1b74057..d54089c0742 100644 --- a/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json +++ b/packages/zscaler_zpa/data_stream/app_connector_status/sample_event.json 
@@ -19,7 +19,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index 11a3fe01622..2bd84609931 100644
--- a/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@ { "@timestamp": "2021-11-17T04:29:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [
@@ -63,7 +63,7 @@ { "@timestamp": "2021-11-17T04:29:38.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [
diff --git a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 91496d20504..f013b24c634 100644
--- a/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler audit logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/audit/sample_event.json b/packages/zscaler_zpa/data_stream/audit/sample_event.json
index 76b48d8a4be..d12e0465a82 100644
--- a/packages/zscaler_zpa/data_stream/audit/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/audit/sample_event.json
@@ -14,7 +14,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
index 8ee5746be27..1657f26bfe2 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/browser_access/_dev/test/pipeline/test-browser-access.log-expected.json
@@ -19,7 +19,7 @@ "port": 60006 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [
diff --git a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
index 71d3f0032da..2cedb9ec2f0 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler browser access logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
index ce40a5e7eb6..b01dbb2515f 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/browser_access/sample_event.json
@@ -30,7 +30,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "acf7dca8-817d-4681-bad3-1cc9bfefc49c",
diff --git a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
index 921869a11ea..8d0c6c39292 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/user_activity/_dev/test/pipeline/test-user-activity.log-expected.json
@@ -13,7 +13,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "iam",
diff --git a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
index e489e89bd50..689b5a60acc 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/user_activity/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler user activity logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
index 7cb6453ce96..bbe9478dc52 100644
--- a/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/user_activity/sample_event.json
@@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
index 172ce6916a4..87d6daaa0a4 100644
--- a/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
+++ b/packages/zscaler_zpa/data_stream/user_status/_dev/test/pipeline/test-user-status.log-expected.json
@@ -13,7 +13,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "iam",
diff --git a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
index dd43d929525..6412e4ae129 100644
--- a/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zpa/data_stream/user_status/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Zscaler user status logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original
diff --git a/packages/zscaler_zpa/data_stream/user_status/sample_event.json b/packages/zscaler_zpa/data_stream/user_status/sample_event.json
index fe6f41e1639..10f701d32fc 100644
--- a/packages/zscaler_zpa/data_stream/user_status/sample_event.json
+++ b/packages/zscaler_zpa/data_stream/user_status/sample_event.json
@@ -24,7 +24,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/docs/README.md b/packages/zscaler_zpa/docs/README.md
index 93621a800c0..45717da46b9 100644
--- a/packages/zscaler_zpa/docs/README.md
+++ b/packages/zscaler_zpa/docs/README.md
@@ -226,7 +226,7 @@ An example event for `app_connector_status` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -439,7 +439,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -649,7 +649,7 @@ An example event for `browser_access` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "acf7dca8-817d-4681-bad3-1cc9bfefc49c",
@@ -910,7 +910,7 @@ An example event for `user_activity` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
@@ -1150,7 +1150,7 @@ An example event for `user_status` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d03794ae-c5b7-46b2-8a63-42f00010ac23",
diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml
index 02bc464358c..79955d06802 100644
--- a/packages/zscaler_zpa/manifest.yml
+++ b/packages/zscaler_zpa/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: zscaler_zpa title: "Zscaler Private Access" -version: 0.1.1 +version: 0.2.0 license: basic description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent. type: integration
From e0afcb8779217f5db5059f496cf99acffe1e968a Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Mon, 7 Mar 2022 11:57:28 -0600
Subject: [PATCH 17/19] Update changelogs with PR number
---
packages/tcp/changelog.yml | 2 +-
packages/tenable_sc/changelog.yml | 2 +-
packages/ti_abusech/changelog.yml | 2 +-
packages/ti_anomali/changelog.yml | 2 +-
packages/ti_cybersixgill/changelog.yml | 2 +-
packages/ti_misp/changelog.yml | 2 +-
packages/ti_otx/changelog.yml | 2 +-
packages/ti_threatq/changelog.yml | 2 +-
packages/tomcat/changelog.yml | 2 +-
packages/udp/changelog.yml | 2 +-
packages/winlog/changelog.yml | 4 ++--
packages/zeek/changelog.yml | 2 +-
packages/zerofox/changelog.yml | 2 +-
packages/zoom/changelog.yml | 2 +-
packages/zscaler_zia/changelog.yml | 2 +-
packages/zscaler_zpa/changelog.yml | 2 +-
16 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/packages/tcp/changelog.yml b/packages/tcp/changelog.yml
index 93b8af3379c..a8ef73b37e9 100644
--- a/packages/tcp/changelog.yml
+++ b/packages/tcp/changelog.yml
@@ -2,7 +2,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.0.0" changes: - description: Initial Release
diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml
index c8cb348fd9b..870a72ca107 100644
--- a/packages/tenable_sc/changelog.yml
+++ b/packages/tenable_sc/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.1.0" changes: - description: Add custom User-Agent. Added configurable response size. Added filter in vulnerability dashboard to filter hostname and vulnerability cve id. Added unique identifier to asset.
diff --git a/packages/ti_abusech/changelog.yml b/packages/ti_abusech/changelog.yml
index e7148bc9869..945848b2951 100644
--- a/packages/ti_abusech/changelog.yml
+++ b/packages/ti_abusech/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.0" changes: - description: Update to ECS 8.0
diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml
index a477615d23e..171ab831c36 100644
--- a/packages/ti_anomali/changelog.yml
+++ b/packages/ti_anomali/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.1" changes: - description: Adding first interval to Anomali Limo policy UI
diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml
index a66641f030f..c4cf8029fb1 100644
--- a/packages/ti_cybersixgill/changelog.yml
+++ b/packages/ti_cybersixgill/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.0" changes: - description: Update to ECS 8.0
diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml
index 217c2b2e6b7..c812900fb4f 100644
--- a/packages/ti_misp/changelog.yml
+++ b/packages/ti_misp/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.0" changes: - description: Update to ECS 8.0
diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml
index 8412e838b2b..bf96f7792ec 100644
--- a/packages/ti_otx/changelog.yml
+++ b/packages/ti_otx/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.0" changes: - description: Update to ECS 8.0
diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml
index c5e516d945b..b6498d5db0d 100644
--- a/packages/ti_threatq/changelog.yml
+++ b/packages/ti_threatq/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.0" changes: - description: Update to ECS 8.0
diff --git a/packages/tomcat/changelog.yml b/packages/tomcat/changelog.yml
index 74281e0c07e..d56c3d3515a 100644
--- a/packages/tomcat/changelog.yml
+++ b/packages/tomcat/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2.0 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.3.0" changes: - description: Update to ECS 8.0.0
diff --git a/packages/udp/changelog.yml b/packages/udp/changelog.yml
index 752947ab3cf..0e0a0400587 100644
--- a/packages/udp/changelog.yml
+++ b/packages/udp/changelog.yml
@@ -2,7 +2,7 @@ changes: - description: Update ECS to 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.0.1" changes: - description: Fixing typo in manifest for listen address
diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml
index 6562da687a4..ab370f1b7ef 100644
--- a/packages/winlog/changelog.yml
+++ b/packages/winlog/changelog.yml
@@ -1,9 +1,9 @@ # newer versions go on top - version: "1.5.0" changes: - - description: Update to ECS 8.2 + - description: Update to ECS 8.2 (documentation reference only) type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.4.0" changes: - description: Expose winlog input ignore_older option.
diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml
index d1b9641a833..308c0128255 100644
--- a/packages/zeek/changelog.yml
+++ b/packages/zeek/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.6.0" changes: - description: Update to ECS 8.0
diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml
index bd7d3c3ff60..52adce615a7 100644
--- a/packages/zerofox/changelog.yml
+++ b/packages/zerofox/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.1 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.0" changes: - description: Update to ECS 8.0
diff --git a/packages/zoom/changelog.yml b/packages/zoom/changelog.yml
index 1abe4319c52..1056aa3c6a4 100644
--- a/packages/zoom/changelog.yml
+++ b/packages/zoom/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update to ECS 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "1.2.0" changes: - description: Update to ECS 8.0
diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml
index 9c00d754d5f..745efe6750d 100644
--- a/packages/zscaler_zia/changelog.yml
+++ b/packages/zscaler_zia/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update ECS to 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "0.1.0" changes: - description: Initial draft of the package
diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml
index f43cb41b273..0406d68e3a4 100644
--- a/packages/zscaler_zpa/changelog.yml
+++ b/packages/zscaler_zpa/changelog.yml
@@ -3,7 +3,7 @@ changes: - description: Update ECS to 8.2 type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/2781 - version: "0.1.1" changes: - description: Updated the README to describe the Zscaler ZPA setup process.
From f419edebf9ce2eb26aaa2506e03ac60f1aa682a4 Mon Sep 17 00:00:00 2001
From: Taylor Swanson
Date: Wed, 16 Mar 2022 12:59:04 -0500
Subject: [PATCH 18/19] Remove event.ingested from packages
---
.../test-malware-ndjson.log-expected.json | 25 -
.../elasticsearch/ingest_pipeline/default.yml | 3 -
...est-malwarebazaar-ndjson.log-expected.json | 9 -
.../elasticsearch/ingest_pipeline/default.yml | 3 -
.../test-abusechurl-ndjson.log-expected.json | 670 ------------------
.../elasticsearch/ingest_pipeline/default.yml | 3 -
...test-anomali-limo-ndjson.log-expected.json | 642 -----------------
.../elasticsearch/ingest_pipeline/default.yml | 3 -
...st-anomali-threatstream.json-expected.json | 100 ---
.../elasticsearch/ingest_pipeline/default.yml | 3 -
...t-misp-attributes-ndjson.log-expected.json | 26 -
.../test-misp-sample-ndjson.log-expected.json | 15 -
.../elasticsearch/ingest_pipeline/default.yml | 3 -
.../test-otx-sample-ndjson.log-expected.json | 83 --
.../elasticsearch/ingest_pipeline/default.yml | 3 -
...st-threatq-sample-ndjson.log-expected.json | 10 -
.../elasticsearch/ingest_pipeline/default.yml | 3 -
.../pipeline/test-generated.log-expected.json | 300 --------
.../elasticsearch/ingest_pipeline/default.yml | 4 -
.../pipeline/test-alert.json-expected.json | 3 -
.../elasticsearch/ingest_pipeline/default.yml | 5 +-
.../pipeline/test-account.json-expected.json | 3 -
.../test-chat-channel.json-expected.json | 6 -
.../test-chat-message.json-expected.json | 3 -
.../pipeline/test-meeting.json-expected.json | 15 -
.../pipeline/test-phone.json-expected.json | 11 -
.../test-recording.json-expected.json | 13 -
.../pipeline/test-user.json-expected.json | 13 -
.../pipeline/test-webinar.json-expected.json | 14 -
.../pipeline/test-zoomroom.json-expected.json | 4 -
.../elasticsearch/ingest_pipeline/default.yml | 3 -
31 files changed, 1 insertion(+), 2000 deletions(-)
diff --git a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json index 27cf707ec0b..337c854870a 100644 --- a/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/malware/_dev/test/pipeline/test-malware-ndjson.log-expected.json @@ -9,7 +9,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708546986Z", "kind": "enrichment", "original": "{\"md5_hash\":\"7871286a8f1f68a14b18ae475683f724\",\"sha256_hash\":\"48a6aee18bcfe9058b35b1018832aef1c9efd8f50ac822f49abb484a5e2a4b1f\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:14:05\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/48a6aee18bcfe9058b35b1018832aef1c9efd8f50ac822f49abb484a5e2a4b1f/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG5:X5DpBw/KViMTB1MnEWk0115JW\",\"tlsh\":\"1344D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -55,7 +54,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708549432Z", "kind": "enrichment", "original": "{\"md5_hash\":\"7b4c77dc293347b467fb860e34515163\",\"sha256_hash\":\"ec59538e8de8525b1674b3b8fe0c180ac822145350bcce054ad3fc6b95b1b5a4\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:11:41\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/ec59538e8de8525b1674b3b8fe0c180ac822145350bcce054ad3fc6b95b1b5a4/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGY:X5DpBw/KViMTB1MnEWk0115Jr\",\"tlsh\":\"4E44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" @@ -107,7 +105,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708550403Z", "kind": "enrichment", "original": "{\"md5_hash\":\"373d34874d7bc89fd4cefa6272ee80bf\",\"sha256_hash\":\"b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:11:22\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7/\",\"virustotal\":{\"result\":\"25 / 66\",\"percent\":\"37.88\",\"link\":\"https://www.virustotal.com/gui/file/b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7/detection/f-b0e914d\"},\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGG:X5DpBw/KViMTB1MnEWk0115Jd\",\"tlsh\":\"7544D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -153,7 +150,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708551315Z", "kind": "enrichment", "original": "{\"md5_hash\":\"e2e02aae857488dbdbe6631c29abf3f8\",\"sha256_hash\":\"7483e834a73fb6817769596fe4c0fa01d28639f52bbbdc2b8a56c36d466dd7f8\",\"file_type\":\"dll\",\"file_size\":\"284672\",\"signature\":null,\"firstseen\":\"2021-01-14 06:11:21\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/7483e834a73fb6817769596fe4c0fa01d28639f52bbbdc2b8a56c36d466dd7f8/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJ9:0h3eZgRQCcw+MN54dEq7kqRtoLZH\",\"tlsh\":\"5554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717\"}", "type": "indicator" @@ -199,7 +195,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708552180Z", "kind": "enrichment", "original": "{\"md5_hash\":\"3e988e32b0c3c230d534e286665b89a5\",\"sha256_hash\":\"760e729426fb115b967a41e5a6f2f42d7a52a5cee74ed99065a6dc39bf89f59b\",\"file_type\":\"unknown\",\"file_size\":\"352\",\"signature\":null,\"firstseen\":\"2021-01-14 06:08:02\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/760e729426fb115b967a41e5a6f2f42d7a52a5cee74ed99065a6dc39bf89f59b/\",\"virustotal\":null,\"imphash\":null,\"ssdeep\":\"6:TE6ll8uXi0jIAv6BHvPuA7RKTmOQamsQMGvMQgTYbtsWsQ72hCqPZG/:TTll8uTo5uA7RKtQamsS0QJfsQ7mCR\",\"tlsh\":\"3CE0C002AB26C036500D154C221655B3B871911503CA14E6A6824BEA765D4A3290D190\"}", "type": "indicator" 
@@ -248,7 +243,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708553022Z", "kind": "enrichment", "original": "{\"md5_hash\":\"dcc20d534cdf29eab03d8148bf728857\",\"sha256_hash\":\"86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:08:02\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac/\",\"virustotal\":{\"result\":\"27 / 69\",\"percent\":\"39.13\",\"link\":\"https://www.virustotal.com/gui/file/86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac/detection/f-86655c0\"},\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGI:X5DpBw/KViMTB1MnEWk0115JH\",\"tlsh\":\"0D44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" @@ -294,7 +288,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708553870Z", "kind": "enrichment", "original": "{\"md5_hash\":\"f6facbf7a90b9e67a6de9f6634eb40ba\",\"sha256_hash\":\"e91c9e11d3ce4f55fabd7196279367482d2fabfa32df81e614b15fc53b4e26be\",\"file_type\":\"dll\",\"file_size\":\"284672\",\"signature\":null,\"firstseen\":\"2021-01-14 06:07:53\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/e91c9e11d3ce4f55fabd7196279367482d2fabfa32df81e614b15fc53b4e26be/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJ1:0h3eZgRQCcw+MN54dEq7kqRtoLZL\",\"tlsh\":\"2554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717\"}", "type": "indicator" 
@@ -340,7 +333,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708554707Z", "kind": "enrichment", "original": "{\"md5_hash\":\"44325fd5bdda2e2cdea07c3a39953bb1\",\"sha256_hash\":\"beedbbcacfc34b5edd8c68e3e4acf364992ebbcd989548e09e38fa03c5659bac\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:07:41\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/beedbbcacfc34b5edd8c68e3e4acf364992ebbcd989548e09e38fa03c5659bac/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG/:X5DpBw/KViMTB1MnEWk0115Jg\",\"tlsh\":\"A044D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" @@ -388,7 +380,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708555567Z", "kind": "enrichment", "original": "{\"md5_hash\":\"4c549051950522a3f1b0814aa9b1f6d1\",\"sha256_hash\":\"7cba55da723c0e020267a02e6ffc83e03a83701757fc4ec65ea398618ad881cf\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":\"Heodo\",\"firstseen\":\"2021-01-14 06:07:31\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/7cba55da723c0e020267a02e6ffc83e03a83701757fc4ec65ea398618ad881cf/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG4:X5DpBw/KViMTB1MnEWk0115Jv\",\"tlsh\":\"4544D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -434,7 +425,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708556415Z", "kind": "enrichment", "original": "{\"md5_hash\":\"d7333113098d88b6a5dd5b8eb24f9b87\",\"sha256_hash\":\"426be5e085e6bbad8430223dc89d8d3ced497133f8d478fd00005bcbb73399d4\",\"file_type\":\"dll\",\"file_size\":\"284672\",\"signature\":null,\"firstseen\":\"2021-01-14 06:07:07\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/426be5e085e6bbad8430223dc89d8d3ced497133f8d478fd00005bcbb73399d4/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJw:0h3eZgRQCcw+MN54dEq7kqRtoLZW\",\"tlsh\":\"9454CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717\"}", "type": "indicator" @@ -480,7 +470,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708557261Z", "kind": "enrichment", "original": "{\"md5_hash\":\"c8dbb261c1f450534c3693da2f4b479f\",\"sha256_hash\":\"25093afdaeb3ea000743ab843360a6b64f58c0a1ab950072ba6528056735deb9\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:07:07\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/25093afdaeb3ea000743ab843360a6b64f58c0a1ab950072ba6528056735deb9/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGe:X5DpBw/KViMTB1MnEWk0115JR\",\"tlsh\":\"F344D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -526,7 +515,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708558235Z", "kind": "enrichment", "original": "{\"md5_hash\":\"714953f1d0031a4bb2f0c44afd015931\",\"sha256_hash\":\"b3327a96280365e441057f490df6261c9a2400fd63719eb9a7a0c9db95beecc5\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:07:06\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/b3327a96280365e441057f490df6261c9a2400fd63719eb9a7a0c9db95beecc5/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGc:X5DpBw/KViMTB1MnEWk0115J7\",\"tlsh\":\"F644D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" @@ -572,7 +560,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708559096Z", "kind": "enrichment", "original": "{\"md5_hash\":\"20fd22742500d4cec123398afc3d3672\",\"sha256_hash\":\"e92b54904391c171238863b584355197ba4508f73320a8e89afbb5425fc2dc4b\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:07:00\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/e92b54904391c171238863b584355197ba4508f73320a8e89afbb5425fc2dc4b/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGc:X5DpBw/KViMTB1MnEWk0115JP\",\"tlsh\":\"BE44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -618,7 +605,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708559959Z", "kind": "enrichment", "original": "{\"md5_hash\":\"aa81ceea053797a6f8c38a0f2f9b80b0\",\"sha256_hash\":\"dd15e74b3cd3a4fdb5f47adefd6f90e27d5a20e01316cc791711f6dce7c0f52e\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:06:36\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/dd15e74b3cd3a4fdb5f47adefd6f90e27d5a20e01316cc791711f6dce7c0f52e/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGf:X5DpBw/KViMTB1MnEWk0115Jo\",\"tlsh\":\"CC44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" @@ -666,7 +652,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708560803Z", "kind": "enrichment", "original": "{\"md5_hash\":\"a2ce6795664c0fa93b07fa54ba868991\",\"sha256_hash\":\"0fae1eeabc4f5e07bd16f7851aec5ab6032d407c7ff0270f2b6e85c2a3efebd1\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":\"Heodo\",\"firstseen\":\"2021-01-14 06:06:13\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/0fae1eeabc4f5e07bd16f7851aec5ab6032d407c7ff0270f2b6e85c2a3efebd1/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGD:X5DpBw/KViMTB1MnEWk0115JY\",\"tlsh\":\"8C44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -712,7 +697,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708561633Z", "kind": "enrichment", "original": "{\"md5_hash\":\"9b9bac158dacb9c2f5511e9c464a7de4\",\"sha256_hash\":\"07a9d84c0b2c8cf1fd90ab409b9399d06920ab4b6efb647b5a3b9bef1045ee7e\",\"file_type\":\"dll\",\"file_size\":\"280064\",\"signature\":null,\"firstseen\":\"2021-01-14 06:05:52\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/07a9d84c0b2c8cf1fd90ab409b9399d06920ab4b6efb647b5a3b9bef1045ee7e/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKk:W5MT4WNaHy9P1FjbrjlKk\",\"tlsh\":\"6B54CF217A53C826F5E800FCA6E9878914167F346F44A4C773D40F6AA8759E2EF2B317\"}", "type": "indicator" @@ -758,7 +742,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708562609Z", "kind": "enrichment", "original": "{\"md5_hash\":\"e48e3fa5e0f7b21c1ecf1efc81ff91e8\",\"sha256_hash\":\"708c0193aec6354af6877f314d4b0e3864552bac77258bee9ee5bf886a116df5\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:05:51\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/708c0193aec6354af6877f314d4b0e3864552bac77258bee9ee5bf886a116df5/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGo:X5DpBw/KViMTB1MnEWk0115Jj\",\"tlsh\":\"6644D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -806,7 +789,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708563502Z", "kind": "enrichment", "original": "{\"md5_hash\":\"8957f5347633ab4b10c2ae4fb92c8572\",\"sha256_hash\":\"f70a3c016fe791eb30959961f0bcaa08ba7b738491b9ae61cb4a667cd1de8b37\",\"file_type\":\"dll\",\"file_size\":\"284672\",\"signature\":\"Heodo\",\"firstseen\":\"2021-01-14 06:05:50\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/f70a3c016fe791eb30959961f0bcaa08ba7b738491b9ae61cb4a667cd1de8b37/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJy:0h3eZgRQCcw+MN54dEq7kqRtoLZM\",\"tlsh\":\"0754CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717\"}", "type": "indicator" @@ -852,7 +834,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708564355Z", "kind": "enrichment", "original": "{\"md5_hash\":\"09cc76b7077b4d5704e46e864575ff03\",\"sha256_hash\":\"94ca186561b13fa9b1bf15f7e66118debc686b40d2a62a5cf4b3c6ca6ee1c7a1\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:05:36\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/94ca186561b13fa9b1bf15f7e66118debc686b40d2a62a5cf4b3c6ca6ee1c7a1/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG/:X5DpBw/KViMTB1MnEWk0115Js\",\"tlsh\":\"BB44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -898,7 +879,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708565237Z", "kind": "enrichment", "original": "{\"md5_hash\":\"98a1cdf7de4232363f1d1e0f33dbfd99\",\"sha256_hash\":\"909f890dbc5748845cf06d0fb0b73a5c0cb17761f37e9cd4810eea0d0eb8627f\",\"file_type\":\"dll\",\"file_size\":\"284672\",\"signature\":null,\"firstseen\":\"2021-01-14 06:05:16\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/909f890dbc5748845cf06d0fb0b73a5c0cb17761f37e9cd4810eea0d0eb8627f/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJQ:0h3eZgRQCcw+MN54dEq7kqRtoLZ+\",\"tlsh\":\"C554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717\"}", "type": "indicator" @@ -946,7 +926,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708566132Z", "kind": "enrichment", "original": "{\"md5_hash\":\"8a51830c1662513ba6bd44e2f7849547\",\"sha256_hash\":\"d1fa76346bef5bc8adaa615e109894a7c30f0bef07ab6272409c4056ea8d52aa\",\"file_type\":\"dll\",\"file_size\":\"284672\",\"signature\":\"Heodo\",\"firstseen\":\"2021-01-14 06:05:15\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/d1fa76346bef5bc8adaa615e109894a7c30f0bef07ab6272409c4056ea8d52aa/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJh:0h3eZgRQCcw+MN54dEq7kqRtoLZ/\",\"tlsh\":\"1654CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717\"}", "type": "indicator" 
@@ -992,7 +971,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708566974Z", "kind": "enrichment", "original": "{\"md5_hash\":\"ae21d742a8118d6b86674aa5370bd6a7\",\"sha256_hash\":\"3b9698b6c18bcba15ee33378440dd3f42509730e6b1d2d5832c71a74b1920e51\",\"file_type\":\"dll\",\"file_size\":\"280064\",\"signature\":null,\"firstseen\":\"2021-01-14 06:05:12\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/3b9698b6c18bcba15ee33378440dd3f42509730e6b1d2d5832c71a74b1920e51/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKS:W5MT4WNaHy9P1FjbrjlKS\",\"tlsh\":\"5454CF217A53C826F5E800FCA6E9878925167F346F44A4C373D40F6AA8759E2DF2B317\"}", "type": "indicator" @@ -1038,7 +1016,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708567865Z", "kind": "enrichment", "original": "{\"md5_hash\":\"78c9d88d24ed1d982a83216eed1590f6\",\"sha256_hash\":\"d11edc90f0e879a175abc6e2ce5c94a263aa2a01cd3b6e8b9fdf93a51235ae99\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:04:38\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/d11edc90f0e879a175abc6e2ce5c94a263aa2a01cd3b6e8b9fdf93a51235ae99/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG8:X5DpBw/KViMTB1MnEWk0115Jr\",\"tlsh\":\"6044D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" 
@@ -1084,7 +1061,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708568824Z", "kind": "enrichment", "original": "{\"md5_hash\":\"236577d5d83e2a8d08623a7a7f724188\",\"sha256_hash\":\"8cd28fed7ebdcd79ea2509dca84f0a727ca28d4eaaed5a92cd10b1279ff16afa\",\"file_type\":\"dll\",\"file_size\":\"241664\",\"signature\":null,\"firstseen\":\"2021-01-14 06:04:26\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/8cd28fed7ebdcd79ea2509dca84f0a727ca28d4eaaed5a92cd10b1279ff16afa/\",\"virustotal\":null,\"imphash\":\"ed2860c18f5483e3b5388bad75169dc1\",\"ssdeep\":\"6144:X1G3WVIOY6Bdjehj+qudd96ou/6mv5wdC:X1GmSafShjYdd96z/6cwdC\",\"tlsh\":\"8D34BE41B28B8B4BD163163C2976D1F8953CFC909761CE693B64B22F0F739D0892E7A5\"}", "type": "indicator" @@ -1130,7 +1106,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:24.708569677Z", "kind": "enrichment", "original": "{\"md5_hash\":\"ff60107d82dcda7e6726d214528758e7\",\"sha256_hash\":\"fb25d13188a5d0913bbcf5aeff6c7e3208ad92a7d10ab6bed2735f4d43310a27\",\"file_type\":\"dll\",\"file_size\":\"277504\",\"signature\":null,\"firstseen\":\"2021-01-14 06:04:20\",\"urlhaus_download\":\"https://urlhaus-api.abuse.ch/v1/download/fb25d13188a5d0913bbcf5aeff6c7e3208ad92a7d10ab6bed2735f4d43310a27/\",\"virustotal\":null,\"imphash\":\"68aea345b134d576ccdef7f06db86088\",\"ssdeep\":\"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGz:X5DpBw/KViMTB1MnEWk0115JU\",\"tlsh\":\"9244D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717\"}", "type": "indicator" diff --git a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml index e6307a0738c..f0843a64975 100644 --- a/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malware/elasticsearch/ingest_pipeline/default.yml 
@@ -4,9 +4,6 @@ processors: #################### # Event ECS fields # #################### - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version value: "8.2.0" diff --git a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json index ea8ae47c6e0..70a0c292c3c 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/malwarebazaar/_dev/test/pipeline/test-malwarebazaar-ndjson.log-expected.json @@ -19,7 +19,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644972581Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"5bce7d528c1363104a93fbb5a7fa9bdd991ce929cc09cc7fb29052a68d4fd24b\",\"sha3_384_hash\":\"3b454eb6421d17d093f19292b64d30bf918cb91e9322d0e2d2512857997f574ea2ca5b005133c16f6c33c7cee9c1bd0e\",\"sha1_hash\":\"a71fd0504821092e003f350080a6bcc5fa6a972e\",\"md5_hash\":\"0af07660056a692b7cb82fa329221ddd\",\"first_seen\":\"2021-04-06 20:34:58\",\"last_seen\":null,\"file_name\":\"SALM0BRU.exe\",\"file_size\":399872,\"file_type_mime\":\"application/x-dosexec\",\"file_type\":\"exe\",\"reporter\":\"James_inthe_box\",\"origin_country\":\"US\",\"anonymous\":0,\"signature\":null,\"imphash\":\"f34d5f2d4577ed6d9ceec516c1f5a744\",\"tlsh\":\"F9848B24AF932F9BC6CCC1FE50C2D165C9A9F85DD2B1251A73B6CB89FE00544ED2C686\",\"telfhash\":null,\"ssdeep\":\"3072:DsPPK3p+8r5igrL1Tq50cVBDmDJhE9yV4veedHrP6FXK7:D+PL8bronBDmDJ69JeedHriFG\",\"tags\":[\"exe\"],\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"15\",\"uploads\":\"1\",\"mail\":null}}", "type": "indicator" 
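Review bot: After the `set` processor for `event.ingested` is removed in the `processors:` hunk of `malware/elasticsearch/ingest_pipeline/default.yml` (and in the identical hunk of `malwarebazaar/elasticsearch/ingest_pipeline/default.yml`), nothing visible in this pipeline records when an indicator reached the cluster, and neither hunk says what sets the field instead. If the field is now expected from a later stage (presumably Fleet's final pipeline, which is not visible here), I would note that where the processor used to be, e.g. `# event.ingested is populated after this pipeline (assumed: Fleet final pipeline); do not set it here`. For indicator data the ingest time is what separates the feed's own `firstseen`/`date_added` from the moment the indicator became searchable, which an analyst needs when checking whether it was available at alert time. The regenerated `*-expected.json` fixtures no longer carry `ingested`, so the pipeline tests cannot catch a deployment where the field is never filled in. It is worth confirming that the package's minimum stack version guarantees it.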
@@ -82,7 +81,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644975757Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"83d0429a2c5f1b611ebc30391eeeb75bebb51212ee1af51dbcf2624b48f9d27f\",\"sha3_384_hash\":\"0a1536add280715320040d5ac5340d3b205d90045ff5c90993b8e909edb9b3e9338b3ffbb3febcaf82584d00d516e8c7\",\"sha1_hash\":\"c454be4eb0892d61a4ad6bac16f97724e73cd795\",\"md5_hash\":\"296aad7075596d21516b30bfbc17fcac\",\"first_seen\":\"2021-04-06 20:32:25\",\"last_seen\":null,\"file_name\":\"PO_NO.ENQUIRY-210604.zip\",\"file_size\":476768,\"file_type_mime\":\"application/zip\",\"file_type\":\"zip\",\"reporter\":\"GovCERT_CH\",\"origin_country\":\"US\",\"anonymous\":0,\"signature\":null,\"imphash\":null,\"tlsh\":\"74A4233B9A6D5CA02B224AA69F37537D13A8406300944EAEFD375CA431583056B9F6FF\",\"telfhash\":null,\"ssdeep\":\"12288:j++y4mulTPaYJSaHwvJblQpLGwYeHU9vPpNGd+Zr:j3HPaMtQxblje01pNHZr\",\"tags\":null,\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"11\",\"uploads\":\"1\",\"mail\":null}}", "type": "indicator" 
@@ -145,7 +143,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644976999Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"f4910ea08d14eeb634084de47cf590d4dc5e554552f111da20d22ae71d7b425b\",\"sha3_384_hash\":\"ee7586cb085fde3c14c9c1bea4635ccb30b1af2020f64e87a9983e61b05026ec9b35255670a3d9ecaab436c4ba302dcc\",\"sha1_hash\":\"bf103996196df8255881127dee103c22fc12bef3\",\"md5_hash\":\"a4838dd31c672122441bebcbf7e9d277\",\"first_seen\":\"2021-04-06 20:12:29\",\"last_seen\":null,\"file_name\":\"DropDll.dat\",\"file_size\":435926,\"file_type_mime\":\"application/x-dosexec\",\"file_type\":\"dll\",\"reporter\":\"DmitriyMelikov\",\"origin_country\":\"DE\",\"anonymous\":0,\"signature\":\"Hancitor\",\"imphash\":\"0b5a952a025c2783c3126cdb9bef2844\",\"tlsh\":\"0C947D11BA96C473E572163008399F6A17BE7A900B704BDBE3CC097E4E755C24B36BA7\",\"telfhash\":null,\"ssdeep\":\"12288:L2X/txpFDEVkUNglTovKfoLy+hqK/cEUMMlGOG:RzglgLm/9lGOG\",\"tags\":[\"Hancitor\"],\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"30\",\"uploads\":\"1\",\"mail\":null}}", "type": "indicator" 
@@ -214,7 +211,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644978112Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"e45ffc61a85c2f5c0cbe9376ff215cad324bf14f925bf52ec0d2949f7d235a00\",\"sha3_384_hash\":\"788f61cf45bbc8cad5775de18d0d5f42c4e028af0aaa34c570645efc96af8ebc3d7fe330aaf22ef34d35360bbd4a708c\",\"sha1_hash\":\"a68ca1b41cb93fe2879bb3baeb8e19990758f099\",\"md5_hash\":\"8d7c8b55ac49d241fb7f75a27a5ef8d5\",\"first_seen\":\"2021-04-06 20:07:59\",\"last_seen\":null,\"file_name\":\"vabsheche.py\",\"file_size\":11717,\"file_type_mime\":\"text/x-script.python\",\"file_type\":\"unknown\",\"reporter\":\"ArkbirdDevil\",\"origin_country\":\"FR\",\"anonymous\":0,\"signature\":null,\"imphash\":null,\"tlsh\":\"AE3222515C6A881A03B3C66F7992B844FB588303C7116607F6FC86782F79568CAF1BBD\",\"telfhash\":null,\"ssdeep\":\"192:z7X/yHo/yz/yBKiSOINLyhQMYd+LiTfq6LTf3ZoTta3Grj6rg2:z7CIKnNNLwufPfAPq7\",\"tags\":[\"backdoor\",\"python\"],\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"27\",\"uploads\":\"1\",\"mail\":null}}", "type": "indicator" 
@@ -277,7 +273,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644979152Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"42f5f5474431738f91f612d9765b3fc9b85a547274ea64aa034298ad97ad28f4\",\"sha3_384_hash\":\"752e5d56a166227d06f8cbd40cd3f693f543f9c3f798c673c1430957bb7e149a12d9158138fa449479105f472e70f68f\",\"sha1_hash\":\"e8378aede9f26f09b7d503d79a05d67612be15f6\",\"md5_hash\":\"fe185f106730583156f39233f77f8019\",\"first_seen\":\"2021-04-06 20:00:48\",\"last_seen\":null,\"file_name\":\"42f5f5474431738f91f612d9765b3fc9b85a547274ea64aa034298ad97ad28f4.bin\",\"file_size\":7929856,\"file_type_mime\":\"application/msword\",\"file_type\":\"docx\",\"reporter\":\"ArkbirdDevil\",\"origin_country\":\"FR\",\"anonymous\":0,\"signature\":null,\"imphash\":null,\"tlsh\":\"13863341B085EE2EE2CA41BA0DA9C2BD43B63D131E054F677269B72D3EB76E0E7D4144\",\"telfhash\":null,\"ssdeep\":\"196608:KQaeKLOiBEp+uc+iuYmbMdHmN1Rwyd2jecXeaH1pHE+2:oeIOTp+p+iNJC1ChjhXZ1pHz2\",\"tags\":[\"maldoc\"],\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"21\",\"uploads\":\"1\",\"mail\":null}}", "type": "indicator" 
@@ -341,7 +336,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644980242Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"2d705f0b76f24a18e08163db2f187140ee9f03e43697a9ea0d840c829692d43c\",\"sha3_384_hash\":\"c82132559381b7b3b184b4ce8c7a58c301a46001621f346b637139f5987dee968ae2ef009a17b2388852b2db15a45b58\",\"sha1_hash\":\"b2da45913353bfc66d189455f9ad80ef26968143\",\"md5_hash\":\"70da6872b6b2da9ddc94d14b02302917\",\"first_seen\":\"2021-04-06 19:58:50\",\"last_seen\":null,\"file_name\":\"winlog.wll\",\"file_size\":131584,\"file_type_mime\":\"application/x-dosexec\",\"file_type\":\"dll\",\"reporter\":\"ArkbirdDevil\",\"origin_country\":\"FR\",\"anonymous\":0,\"signature\":null,\"imphash\":\"6476b7c4dd55eafbdf922a7ba1e2d5f9\",\"tlsh\":\"A2D38C067790C071DAAF013908799E624B7F7D70DDB49D8B77841A8E69342D0AF3AB27\",\"telfhash\":null,\"ssdeep\":\"1536:2NVi7z0r0lJRn6I8+YDgr1fnWG5Ff0+adgBYlCtMiQMX1c0E4JsWjcdonPv870E1:YM7zh8+Cofnp5eRm6riQ6OZoPv870E\",\"tags\":[\"apt\",\"tonto\"],\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"30\",\"uploads\":\"1\",\"mail\":null}}", "type": "indicator" 
@@ -404,7 +398,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644981284Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"30787f32adc487311d764b19d4504fdeab08c0d385e2fa065bd8d5836c031606\",\"sha3_384_hash\":\"a3ec981ed158fe08cc2cd97303807cfbed147e59ccfd92fcaa9395c5718b4d9b892d6e9fa6337f5976dc1bd042562fe4\",\"sha1_hash\":\"3d613d5678e43faeea1c636185a0b4c3ec80e742\",\"md5_hash\":\"de80e1d7d9f5b1c64ec9f8d4f5063989\",\"first_seen\":\"2021-04-06 19:58:44\",\"last_seen\":null,\"file_name\":\"30787f32adc487311d764b19d4504fdeab08c0d385e2fa065bd8d5836c031606.bin.sample\",\"file_size\":1088000,\"file_type_mime\":\"application/msword\",\"file_type\":\"docx\",\"reporter\":\"DmitriyMelikov\",\"origin_country\":\"DE\",\"anonymous\":0,\"signature\":null,\"imphash\":null,\"tlsh\":\"8635D001BA82C573D5621A35083ADBAA177E7D604F704ADBB3C83B2E5D355C14B32BA7\",\"telfhash\":null,\"ssdeep\":\"24576:WKEiZxl3A4yJJG2dPQQCthXzglgLm/9lGO:WKEGByvGOQQC/XElga/9lGO\",\"tags\":null,\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"32\",\"uploads\":\"1\",\"mail\":null}}", "type": "indicator" 
@@ -471,7 +464,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644982321Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"84f983067868de50e5b1553782c056c1f5b5118bb2084473ca4b6908f221cd3b\",\"sha3_384_hash\":\"138dc28a74d15c1f9797ce732e99097c8c6db4549cb17cb7b20c1c6738a170328e45aea2d4c3b593912f14a97f521c1d\",\"sha1_hash\":\"00b52e8ca1785d5086703ad8cff1d28fc3354934\",\"md5_hash\":\"2759c73c986c6a757bf9d25621c5595a\",\"first_seen\":\"2021-04-06 19:52:32\",\"last_seen\":null,\"file_name\":\"Purchase Order.8000.scan.pdf...exe\",\"file_size\":752128,\"file_type_mime\":\"application/x-dosexec\",\"file_type\":\"exe\",\"reporter\":\"James_inthe_box\",\"origin_country\":\"FR\",\"anonymous\":0,\"signature\":\"SnakeKeylogger\",\"imphash\":\"f34d5f2d4577ed6d9ceec516c1f5a744\",\"tlsh\":\"23F4AE212684C9C0D93E67B4D43584F003BABD16D631F69F6E887C693EB32D2D63B646\",\"telfhash\":null,\"ssdeep\":\"12288:8t11ulRZRLZNh4YeX6f6XmwNShqE73YXy7moh:S11gZpZNmBX06WmAcy7m0\",\"tags\":[\"exe\",\"SnakeKeylogger\"],\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"38\",\"uploads\":\"1\",\"mail\":{\"Generic\":\"low\"}}}", "type": "indicator" 
@@ -543,7 +535,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:30.644983396Z", "kind": "enrichment", "original": "{\"sha256_hash\":\"0661d87116f44cbd5b5c6bec7fb06c4e5cd5b6ecbc5455d959e65f1ee46c54c8\",\"sha3_384_hash\":\"ed5d03454121d81adf65a01ba90af81b1a7cea052709c22bb9170508069d17242861f85e5546b2cc3efb07c10926368c\",\"sha1_hash\":\"a34fd5e57d75d17bc2d84055ca4752e5ee2e92f5\",\"md5_hash\":\"596b3dbf07a287dcf76860b5e54762c3\",\"first_seen\":\"2021-04-06 19:47:13\",\"last_seen\":null,\"file_name\":\"New Order PO#121012020_____PDF_______.exe\",\"file_size\":836096,\"file_type_mime\":\"application/x-dosexec\",\"file_type\":\"exe\",\"reporter\":\"James_inthe_box\",\"origin_country\":\"FR\",\"anonymous\":0,\"signature\":\"AgentTesla\",\"imphash\":\"f34d5f2d4577ed6d9ceec516c1f5a744\",\"tlsh\":\"A505CF712694C9A4FABD53B80434403007F5FE42E232FA9A6FD17C993E72782DA3B655\",\"telfhash\":null,\"ssdeep\":\"12288:qRedcNeqimzAEmN03VgdZfBOMx+RVBM7pdWje9ppB5nAZGNY2:ZaNeqikqN0udZfBFUYp55nFN\",\"tags\":[\"AgentTesla\",\"exe\"],\"code_sign\":[],\"intelligence\":{\"clamav\":null,\"downloads\":\"40\",\"uploads\":\"1\",\"mail\":{\"Generic\":\"low\"}}}", "type": "indicator" diff --git a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml index 0dcc21bc9a5..3b5f298c44e 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/malwarebazaar/elasticsearch/ingest_pipeline/default.yml @@ -4,9 +4,6 @@ processors: #################### # Event ECS fields # #################### - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version value: "8.2.0" 
diff --git a/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json b/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json index 1a6bb3357af..7c611429b29 100644 --- a/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json +++ b/packages/ti_abusech/data_stream/url/_dev/test/pipeline/test-abusechurl-ndjson.log-expected.json @@ -22,7 +22,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133223437Z", "kind": "enrichment", "original": "{\"id\":\"961548\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961548/\",\"url\":\"http://89.160.20.156:34613/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:19:13 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"false\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -71,7 +70,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133225693Z", "kind": "enrichment", "original": "{\"id\":\"961546\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961546/\",\"url\":\"http://89.160.20.156:44941/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"false\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -120,7 +118,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133226798Z", "kind": "enrichment", "original": "{\"id\":\"961547\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961547/\",\"url\":\"http://89.160.20.156:37173/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"false\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -169,7 +166,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133227680Z", "kind": "enrichment", "original": "{\"id\":\"961545\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961545/\",\"url\":\"http://89.160.20.156:47545/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"false\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -218,7 +214,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133228532Z", "kind": "enrichment", "original": "{\"id\":\"961544\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961544/\",\"url\":\"http://89.160.20.156:44782/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:07:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -267,7 +262,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133229396Z", "kind": "enrichment", "original": "{\"id\":\"961543\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961543/\",\"url\":\"http://89.160.20.156:44359/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:07:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -316,7 +310,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133230248Z", "kind": "enrichment", "original": "{\"id\":\"961540\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961540/\",\"url\":\"http://89.160.20.156:56507/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:07:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -365,7 +358,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133231196Z", "kind": "enrichment", "original": "{\"id\":\"961541\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961541/\",\"url\":\"http://89.160.20.156:57562/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:07:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -414,7 +406,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133232083Z", "kind": "enrichment", "original": "{\"id\":\"961542\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961542/\",\"url\":\"http://89.160.20.156:48845/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:07:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -463,7 +454,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133235488Z", "kind": "enrichment", "original": "{\"id\":\"961539\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961539/\",\"url\":\"http://89.160.20.156:58245/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -512,7 +502,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133236509Z", "kind": "enrichment", "original": "{\"id\":\"961538\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961538/\",\"url\":\"http://89.160.20.156:37198/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:06:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -561,7 +550,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133237632Z", "kind": "enrichment", "original": "{\"id\":\"961537\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961537/\",\"url\":\"http://89.160.20.156:33524/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:06:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -610,7 +598,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133238541Z", "kind": "enrichment", "original": "{\"id\":\"961531\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961531/\",\"url\":\"http://89.160.20.156:48261/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -659,7 +646,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133239400Z", "kind": "enrichment", "original": "{\"id\":\"961532\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961532/\",\"url\":\"http://89.160.20.156:34478/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -708,7 +694,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133240254Z", "kind": "enrichment", "original": "{\"id\":\"961533\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961533/\",\"url\":\"http://89.160.20.156:35703/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -757,7 +742,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133241112Z", "kind": "enrichment", "original": "{\"id\":\"961534\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961534/\",\"url\":\"http://89.160.20.156:48666/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -806,7 +790,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133242085Z", "kind": "enrichment", "original": "{\"id\":\"961535\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961535/\",\"url\":\"http://89.160.20.156:53923/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -855,7 +838,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133242943Z", "kind": "enrichment", "original": "{\"id\":\"961536\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961536/\",\"url\":\"http://89.160.20.156:52794/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -904,7 +886,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133243786Z", "kind": "enrichment", "original": "{\"id\":\"961530\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961530/\",\"url\":\"http://89.160.20.156:49312/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:05:34 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"false\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -953,7 +934,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133244644Z", "kind": "enrichment", "original": "{\"id\":\"961525\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961525/\",\"url\":\"http://89.160.20.156:38961/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -1002,7 +982,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133245545Z", "kind": "enrichment", "original": "{\"id\":\"961526\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961526/\",\"url\":\"http://89.160.20.156:50420/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -1051,7 +1030,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133246474Z", "kind": "enrichment", "original": "{\"id\":\"961527\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961527/\",\"url\":\"http://89.160.20.156:55007/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -1100,7 +1078,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133247323Z", "kind": "enrichment", "original": "{\"id\":\"961528\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961528/\",\"url\":\"http://89.160.20.156:51143/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -1149,7 +1126,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133248273Z", "kind": "enrichment", "original": "{\"id\":\"961529\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961529/\",\"url\":\"http://89.160.20.156:41003/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -1197,7 +1173,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133249113Z", "kind": "enrichment", "original": "{\"id\":\"961524\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961524/\",\"url\":\"http://89.160.20.156:35739/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:38 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -1245,7 +1220,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.133250070Z", "kind": "enrichment", "original": "{\"id\":\"961523\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961523/\",\"url\":\"http://89.160.20.156:45653/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:36 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" 
@@ -1293,7 +1267,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133250945Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961520\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961520/\",\"url\":\"http://89.160.20.156:41349/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1341,7 +1314,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133251781Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961521\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961521/\",\"url\":\"http://89.160.20.156:48586/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1389,7 +1361,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133252622Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961522\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961522/\",\"url\":\"http://89.160.20.156:38111/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1437,7 +1408,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133253511Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961518\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961518/\",\"url\":\"http://89.160.20.156:34556/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:10 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1486,7 +1456,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133254419Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961519\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961519/\",\"url\":\"http://89.160.20.156:59815/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:10 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -1536,7 +1505,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133255259Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961516\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961516/\",\"url\":\"http://89.160.20.156:50587/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}",
 "type": "indicator"
@@ -1585,7 +1553,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133256116Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961517\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961517/\",\"url\":\"http://89.160.20.156:48322/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -1633,7 +1600,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133257285Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961515\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961515/\",\"url\":\"http://89.160.20.156:33317/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1681,7 +1647,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133258400Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961513\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961513/\",\"url\":\"http://89.160.20.156:41516/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1729,7 +1694,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133260703Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961514\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961514/\",\"url\":\"http://89.160.20.156:57798/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1777,7 +1741,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133261674Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961509\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961509/\",\"url\":\"http://89.160.20.156:47671/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1825,7 +1788,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133262831Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961510\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961510/\",\"url\":\"http://89.160.20.156:57690/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1875,7 +1837,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133263729Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961511\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961511/\",\"url\":\"http://89.160.20.156:50611/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}",
 "type": "indicator"
@@ -1922,7 +1883,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133264623Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961512\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961512/\",\"url\":\"http://89.160.20.156:34141/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 21:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}",
 "type": "indicator"
@@ -1971,7 +1931,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133265463Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961507\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961507/\",\"url\":\"http://89.160.20.156:44399/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2020,7 +1979,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133266297Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961508\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961508/\",\"url\":\"http://89.160.20.156:49120/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2069,7 +2027,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133267120Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961506\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961506/\",\"url\":\"http://89.160.20.156:51136/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2118,7 +2075,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133268025Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961504\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961504/\",\"url\":\"http://89.160.20.156:45773/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2167,7 +2123,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133268879Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961505\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961505/\",\"url\":\"http://89.160.20.156:56528/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2216,7 +2171,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133269737Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961500\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961500/\",\"url\":\"http://89.160.20.156:44427/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2265,7 +2219,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133270598Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961501\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961501/\",\"url\":\"http://89.160.20.156:36134/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2314,7 +2267,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133271463Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961502\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961502/\",\"url\":\"http://89.160.20.156:43973/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2363,7 +2315,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133272362Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961503\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961503/\",\"url\":\"http://89.160.20.156:41319/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2412,7 +2363,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133273208Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961496\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961496/\",\"url\":\"http://89.160.20.156:51847/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2461,7 +2411,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133274179Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961497\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961497/\",\"url\":\"http://89.160.20.156:54469/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2510,7 +2459,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133275015Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961498\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961498/\",\"url\":\"http://89.160.20.156:34547/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2559,7 +2507,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133275952Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961499\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961499/\",\"url\":\"http://89.160.20.156:33932/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -2607,7 +2554,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133276790Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961494\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961494/\",\"url\":\"https://univirtek.com/viro/02478080035/blank.jpg\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:51:47 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -2653,7 +2599,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133277644Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961495\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961495/\",\"url\":\"https://univirtek.com/viro/FRRNDR77C25D325O/map.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:51:47 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -2699,7 +2644,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133278500Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961492\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961492/\",\"url\":\"https://ladiesincode.com/ladi/CNNSRG83H04F158R/blank.jpg\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:51:45 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -2745,7 +2689,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133279392Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961493\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961493/\",\"url\":\"https://letonguesc.com/leto/02328510512/logo.css\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:51:45 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -2791,7 +2734,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133280232Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961490\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961490/\",\"url\":\"https://cxminute.com/minu/MLILSN74B21E507L/uk.png\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:51:44 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -2837,7 +2779,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133281079Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961491\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961491/\",\"url\":\"https://cxminute.com/minu/12875710159/blank.css\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:51:44 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -2883,7 +2824,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133282011Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961489\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961489/\",\"url\":\"https://cxminute.com/minu/CPNLNZ65M20A200N/maps.gif\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:51:41 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -2929,7 +2869,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133282908Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961488\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961488/\",\"url\":\"https://belfetproduction.com/bella/DLPCMN64D02D789E/logo.png\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:51:40 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -2975,7 +2914,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133283810Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961487\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961487/\",\"url\":\"https://belfetproduction.com/bella/01844510469/1x1.jpg\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:51:17 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3021,7 +2959,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133284667Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961485\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961485/\",\"url\":\"https://ladiesincode.com/ladi/FRRDNI52M71E522D/logo.css\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:51:16 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3067,7 +3004,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133285514Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961486\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961486/\",\"url\":\"https://letonguesc.com/leto/CPPMRC65E04H980Q/it.gif\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:51:16 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3113,7 +3049,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133286362Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961482\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961482/\",\"url\":\"https://univirtek.com/viro/06389650018/it.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:51:15 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3159,7 +3094,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133287363Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961483\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961483/\",\"url\":\"https://belfetproduction.com/bella/CRSRRT61E15H501H/logo.png\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:51:15 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3205,7 +3139,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133288209Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961484\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961484/\",\"url\":\"https://cxminute.com/minu/SMPMSM67P05F205U/it.jpg\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:51:15 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3251,7 +3184,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133289054Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961480\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961480/\",\"url\":\"https://univirtek.com/viro/SBNPQL78A24A783E/uk.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:51:13 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3297,7 +3229,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133289939Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961481\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961481/\",\"url\":\"https://cxminute.com/minu/15578761007/maps.jpg\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:51:13 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3343,7 +3274,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133290851Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961478\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961478/\",\"url\":\"https://univirtek.com/viro/03079590133/1x1.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:51:10 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3389,7 +3319,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133291788Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961479\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961479/\",\"url\":\"https://ladiesincode.com/ladi/BNCLNR77T56M082U/it.gif\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:51:10 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3435,7 +3364,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133292675Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961476\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961476/\",\"url\":\"https://cxminute.com/minu/JNKMTJ64B29L424O/uk.css\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:50:45 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3481,7 +3409,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133293537Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961477\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961477/\",\"url\":\"https://belfetproduction.com/bella/PGNMRA64S22I608Z/en.png\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:50:45 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3527,7 +3454,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133727741Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961470\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961470/\",\"url\":\"https://cxminute.com/minu/RZKDRD77T23Z229T/logo.jpg\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:50:43 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3573,7 +3499,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133738184Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961471\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961471/\",\"url\":\"https://fhivelifestyle.online/nhbrwvdffsgt/adf/maps.jpg\",\"url_status\":\"offline\",\"host\":\"fhivelifestyle.online\",\"date_added\":\"2021-01-14 20:50:43 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3619,7 +3544,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133739363Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961472\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961472/\",\"url\":\"https://belfetproduction.com/bella/05739900487/1x1.css\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:50:43 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3665,7 +3589,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133740220Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961473\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961473/\",\"url\":\"https://belfetproduction.com/bella/01767180597/map.css\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:50:43 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3711,7 +3634,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133741063Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961474\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961474/\",\"url\":\"https://belfetproduction.com/bella/BRNGRG55D21F394K/map.css\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:50:43 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3757,7 +3679,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133742004Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961475\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961475/\",\"url\":\"https://cxminute.com/minu/DLLTZN67L20L157J/1x1.css\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:50:43 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3803,7 +3724,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133742818Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961468\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961468/\",\"url\":\"https://cxminute.com/minu/08035410722/logo.jpg\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:50:38 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3849,7 +3769,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133743640Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961469\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961469/\",\"url\":\"https://univirtek.com/viro/GRNZEI60M13G346L/en.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:50:38 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3895,7 +3814,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133744460Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961467\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961467/\",\"url\":\"https://letonguesc.com/leto/03253350239/1x1.png\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:50:13 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3941,7 +3859,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133745341Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961464\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961464/\",\"url\":\"https://ladiesincode.com/ladi/10582470158/uk.css\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:50:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -3987,7 +3904,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133746188Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961465\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961465/\",\"url\":\"https://ladiesincode.com/ladi/BTTLNZ68A56D325C/map.css\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:50:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4033,7 +3949,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133746985Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961466\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961466/\",\"url\":\"https://letonguesc.com/leto/NNTLRT68P28A717L/en.jpg\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:50:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4079,7 +3994,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133747794Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961461\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961461/\",\"url\":\"https://univirtek.com/viro/CTTNDR89A19B149W/maps.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:50:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4125,7 +4039,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133748595Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961462\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961462/\",\"url\":\"https://cxminute.com/minu/DRSNTN77B16I197U/logo.css\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:50:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4171,7 +4084,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133749474Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961463\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961463/\",\"url\":\"https://univirtek.com/viro/02941830735/uk.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:50:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4217,7 +4129,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133750320Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961458\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961458/\",\"url\":\"https://belfetproduction.com/bella/MNSGCM91A04G240K/it.css\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:50:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4263,7 +4174,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133751148Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961459\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961459/\",\"url\":\"https://ladiesincode.com/ladi/03108100615/it.jpg\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:50:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4309,7 +4219,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133751944Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961460\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961460/\",\"url\":\"https://cxminute.com/minu/PTACSM56A31F604X/en.png\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:50:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4355,7 +4264,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133752844Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961455\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961455/\",\"url\":\"https://univirtek.com/viro/00183050368/en.gif\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:49:39 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4401,7 +4309,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133753746Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961456\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961456/\",\"url\":\"https://cxminute.com/minu/TSNLSN58H30G912H/uk.gif\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:49:39 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4447,7 +4354,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133754560Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961457\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961457/\",\"url\":\"https://letonguesc.com/leto/08658331007/blank.gif\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:49:39 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4493,7 +4399,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133755362Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961450\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961450/\",\"url\":\"https://cxminute.com/minu/01098910324/blank.png\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:49:37 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4539,7 +4444,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133756160Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961451\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961451/\",\"url\":\"https://univirtek.com/viro/02794390233/uk.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:49:37 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4585,7 +4489,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133757068Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961452\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961452/\",\"url\":\"https://univirtek.com/viro/CSTDNT69D63F754D/en.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:49:37 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4631,7 +4534,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133758189Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961453\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961453/\",\"url\":\"https://univirtek.com/viro/GSTGNE91B06L219W/1x1.jpg\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:49:37 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4677,7 +4579,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133758994Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961454\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961454/\",\"url\":\"https://univirtek.com/viro/03610140125/map.jpg\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:49:37 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4723,7 +4624,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133759802Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961448\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961448/\",\"url\":\"https://belfetproduction.com/bella/CRRLRD74E09A462T/blank.png\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:49:36 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4769,7 +4669,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133760670Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961449\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961449/\",\"url\":\"https://univirtek.com/viro/RSTFRZ57T05G337C/maps.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:49:36 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4815,7 +4714,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133761580Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961447\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961447/\",\"url\":\"https://letonguesc.com/leto/LBRFNC56S10D952D/map.gif\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:49:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4861,7 +4759,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133762397Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961444\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961444/\",\"url\":\"https://univirtek.com/viro/01669890194/it.gif\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:49:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4907,7 +4804,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133763211Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961445\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961445/\",\"url\":\"https://letonguesc.com/leto/GTNNTN60P12H632S/maps.css\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:49:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4953,7 +4849,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133764012Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961446\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961446/\",\"url\":\"https://cxminute.com/minu/ZHOXBN72B06Z210N/en.css\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:49:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -4999,7 +4894,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133764955Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961442\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961442/\",\"url\":\"https://letonguesc.com/leto/KHNGGR61S21Z112Y/uk.css\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:49:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5045,7 +4939,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133766007Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961443\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961443/\",\"url\":\"https://ladiesincode.com/ladi/MNRMNL75A12I531F/uk.jpg\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:49:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5091,7 +4984,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133766834Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961438\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961438/\",\"url\":\"https://ladiesincode.com/ladi/RBGMNL67A02L675L/uk.css\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:49:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5137,7 +5029,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133767645Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961439\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961439/\",\"url\":\"https://letonguesc.com/leto/RSSPPL67P15G535L/map.gif\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:49:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5183,7 +5074,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133768450Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961440\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961440/\",\"url\":\"https://fhivelifestyle.online/nhbrwvdffsgt/adf/uk.css\",\"url_status\":\"offline\",\"host\":\"fhivelifestyle.online\",\"date_added\":\"2021-01-14 20:49:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5229,7 +5119,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133769487Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961441\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961441/\",\"url\":\"https://letonguesc.com/leto/BNTLGU67R11L706R/blank.gif\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:49:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5275,7 +5164,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133770348Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961437\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961437/\",\"url\":\"https://cxminute.com/minu/03713610651/map.css\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:48:37 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5321,7 +5209,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133771171Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961436\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961436/\",\"url\":\"https://univirtek.com/viro/01312580507/uk.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:36 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5367,7 +5254,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133772072Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961431\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961431/\",\"url\":\"https://cxminute.com/minu/FRNRST34B11F843P/blank.jpg\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:48:35 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5413,7 +5299,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133772887Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961432\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961432/\",\"url\":\"https://univirtek.com/viro/RCUNDA90D24Z100H/1x1.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:35 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5459,7 +5344,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133773703Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961433\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961433/\",\"url\":\"https://univirtek.com/viro/GTTGRI72H19A952D/map.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:35 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5505,7 +5389,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133774512Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961434\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961434/\",\"url\":\"https://univirtek.com/viro/00385010103/map.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:35 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5551,7 +5434,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133775332Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961435\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961435/\",\"url\":\"https://ladiesincode.com/ladi/04263990162/map.css\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:48:35 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5597,7 +5479,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133776294Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961428\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961428/\",\"url\":\"https://univirtek.com/viro/BNNSFN74A13G674O/logo.png\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:34 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5643,7 +5524,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133777103Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961429\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961429/\",\"url\":\"https://univirtek.com/viro/RZZCRS93B15G224O/it.gif\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:34 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5689,7 +5569,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133777900Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961430\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961430/\",\"url\":\"https://cxminute.com/minu/01495100032/maps.gif\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:48:34 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5735,7 +5614,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133778742Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961427\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961427/\",\"url\":\"https://letonguesc.com/leto/CMPDVD69C11G693Z/map.gif\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:48:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5781,7 +5659,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133779642Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961426\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961426/\",\"url\":\"https://cxminute.com/minu/LLLMRC84B29A944R/it.jpg\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:48:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5827,7 +5704,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133780446Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961421\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961421/\",\"url\":\"https://cxminute.com/minu/PRSSFN72L18C573S/map.css\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:48:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5873,7 +5749,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133781256Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961422\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961422/\",\"url\":\"https://ladiesincode.com/ladi/00814870150/1x1.png\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:48:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5919,7 +5794,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133782065Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961423\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961423/\",\"url\":\"https://ladiesincode.com/ladi/03635540234/it.gif\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:48:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -5965,7 +5839,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133782873Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961424\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961424/\",\"url\":\"https://univirtek.com/viro/PLCSFN62B11D548Q/map.gif\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6011,7 +5884,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133783841Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961425\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961425/\",\"url\":\"https://univirtek.com/viro/03294650167/maps.jpg\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6057,7 +5929,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133784634Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961418\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961418/\",\"url\":\"https://univirtek.com/viro/GGLSCR73D17C627Q/blank.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6103,7 +5974,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133785445Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961419\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961419/\",\"url\":\"https://univirtek.com/viro/CRRLRA68A70H501X/maps.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:48:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6149,7 +6019,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133786251Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961420\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961420/\",\"url\":\"https://ladiesincode.com/ladi/CRSNLD59R12L840V/blank.jpg\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:48:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6195,7 +6064,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133787166Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961416\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961416/\",\"url\":\"https://belfetproduction.com/bella/RTTCRL58M29A794D/logo.css\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:47:35 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6241,7 +6109,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133788001Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961417\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961417/\",\"url\":\"https://letonguesc.com/leto/04138120169/en.jpg\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:47:35 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6287,7 +6154,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133788836Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961408\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961408/\",\"url\":\"https://letonguesc.com/leto/SPGMRC73H13A475I/it.jpg\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:47:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6333,7 +6199,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133789645Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961409\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961409/\",\"url\":\"https://letonguesc.com/leto/80007070552/it.png\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:47:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6379,7 +6244,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133790449Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961410\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961410/\",\"url\":\"https://letonguesc.com/leto/02482130271/logo.png\",\"url_status\":\"offline\",\"host\":\"letonguesc.com\",\"date_added\":\"2021-01-14 20:47:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6425,7 +6289,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133791368Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961411\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961411/\",\"url\":\"https://univirtek.com/viro/15730201009/uk.gif\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:47:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6471,7 +6334,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133792178Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961412\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961412/\",\"url\":\"https://univirtek.com/viro/01074480250/maps.css\",\"url_status\":\"offline\",\"host\":\"univirtek.com\",\"date_added\":\"2021-01-14 20:47:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6517,7 +6379,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133792979Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961413\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961413/\",\"url\":\"https://cxminute.com/minu/SCHRKE77C47G224W/1x1.jpg\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:47:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6563,7 +6424,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133793796Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961414\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961414/\",\"url\":\"https://cxminute.com/minu/04281560377/en.css\",\"url_status\":\"offline\",\"host\":\"cxminute.com\",\"date_added\":\"2021-01-14 20:47:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6609,7 +6469,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133794714Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961415\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961415/\",\"url\":\"https://ladiesincode.com/ladi/02613440060/maps.png\",\"url_status\":\"offline\",\"host\":\"ladiesincode.com\",\"date_added\":\"2021-01-14 20:47:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6655,7 +6514,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133795589Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961406\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961406/\",\"url\":\"https://nowyouknowent.com/werdona/PLLRRT83A05H501O/it.gif\",\"url_status\":\"offline\",\"host\":\"nowyouknowent.com\",\"date_added\":\"2021-01-14 20:47:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6701,7 +6559,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133796423Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961407\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961407/\",\"url\":\"https://hoagtechhydroponics.com/teco/LGTCDC74T45F205G/logo.png\",\"url_status\":\"offline\",\"host\":\"hoagtechhydroponics.com\",\"date_added\":\"2021-01-14 20:47:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6747,7 +6604,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133797223Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961404\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961404/\",\"url\":\"https://belfetproduction.com/bella/00160060349/uk.jpg\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:42:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6793,7 +6649,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133798089Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961405\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961405/\",\"url\":\"https://belfetproduction.com/bella/01288650243/1x1.jpg\",\"url_status\":\"offline\",\"host\":\"belfetproduction.com\",\"date_added\":\"2021-01-14 20:42:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Cryptolaemus1\",\"larted\":\"false\",\"tags\":[\"sLoad\"]}",
 "type": "indicator"
@@ -6841,7 +6696,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133799065Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961403\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961403/\",\"url\":\"http://89.160.20.156:50611/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:39:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}",
 "type": "indicator"
@@ -6890,7 +6744,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133799867Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961402\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961402/\",\"url\":\"http://89.160.20.156:45371/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:36:14 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -6939,7 +6792,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133800677Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961400\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961400/\",\"url\":\"http://89.160.20.156:50093/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -6988,7 +6840,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133801494Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961401\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961401/\",\"url\":\"http://89.160.20.156:36652/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7037,7 +6888,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133802402Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961397\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961397/\",\"url\":\"http://89.160.20.156:54182/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:36:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7086,7 +6936,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133803218Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961398\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961398/\",\"url\":\"http://89.160.20.156:46048/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:36:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7135,7 +6984,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133804026Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961399\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961399/\",\"url\":\"http://89.160.20.156:33953/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:36:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7184,7 +7032,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133804858Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961393\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961393/\",\"url\":\"http://89.160.20.156:36447/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7233,7 +7080,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133805684Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961394\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961394/\",\"url\":\"http://89.160.20.156:36828/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7282,7 +7128,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133806558Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961395\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961395/\",\"url\":\"http://89.160.20.156:55281/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7331,7 +7176,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133807422Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961396\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961396/\",\"url\":\"http://89.160.20.156:49772/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7380,7 +7224,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133808239Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961391\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961391/\",\"url\":\"http://89.160.20.156:50229/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:34:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7429,7 +7272,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133809033Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961392\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961392/\",\"url\":\"http://89.160.20.156:39996/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:34:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7478,7 +7320,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133809946Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961387\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961387/\",\"url\":\"http://89.160.20.156:50195/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7527,7 +7368,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133810859Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961388\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961388/\",\"url\":\"http://89.160.20.156:52447/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7576,7 +7416,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.133811654Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961389\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961389/\",\"url\":\"http://89.160.20.156:56321/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7625,7 +7464,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134071145Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961390\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961390/\",\"url\":\"http://89.160.20.156:54620/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7674,7 +7512,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134072941Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961386\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961386/\",\"url\":\"http://89.160.20.156:52064/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:23:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7723,7 +7560,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134073944Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961385\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961385/\",\"url\":\"http://89.160.20.156:47401/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:22:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7772,7 +7608,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134075135Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961382\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961382/\",\"url\":\"http://89.160.20.156:46527/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:22:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7821,7 +7656,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134080158Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961383\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961383/\",\"url\":\"http://89.160.20.156:38132/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:22:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7870,7 +7704,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134081214Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961384\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961384/\",\"url\":\"http://89.160.20.156:59015/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:22:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7919,7 +7752,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134082157Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961379\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961379/\",\"url\":\"http://89.160.20.156:59454/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -7968,7 +7800,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134082977Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961380\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961380/\",\"url\":\"http://89.160.20.156:37883/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8017,7 +7848,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134083801Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961381\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961381/\",\"url\":\"http://89.160.20.156:55209/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8066,7 +7896,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134084635Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961378\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961378/\",\"url\":\"http://89.160.20.156:41062/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:21:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8116,7 +7945,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134085631Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961377\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961377/\",\"url\":\"http://89.160.20.156:60380/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:21:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}",
 "type": "indicator"
@@ -8164,7 +7992,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134086457Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961375\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961375/\",\"url\":\"http://89.160.20.156:54796/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8213,7 +8040,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134087302Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961376\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961376/\",\"url\":\"http://89.160.20.156:35251/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8262,7 +8088,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134088123Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961373\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961373/\",\"url\":\"http://89.160.20.156:50562/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8311,7 +8136,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134089137Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961374\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961374/\",\"url\":\"http://89.160.20.156:33445/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8360,7 +8184,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134090090Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961370\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961370/\",\"url\":\"http://89.160.20.156:60280/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8409,7 +8232,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134090941Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961371\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961371/\",\"url\":\"http://89.160.20.156:46386/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8458,7 +8280,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134091760Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961372\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961372/\",\"url\":\"http://89.160.20.156:60288/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8507,7 +8328,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134092608Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961368\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961368/\",\"url\":\"http://89.160.20.156:49731/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8556,7 +8376,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134093604Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961369\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961369/\",\"url\":\"http://89.160.20.156:38837/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8605,7 +8424,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134094423Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961366\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961366/\",\"url\":\"http://89.160.20.156:37814/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8654,7 +8472,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134095236Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961367\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961367/\",\"url\":\"http://89.160.20.156:47507/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8704,7 +8521,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134096052Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961365\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961365/\",\"url\":\"http://89.160.20.156:47140/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:18:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}",
 "type": "indicator"
@@ -8752,7 +8568,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134096865Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961363\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961363/\",\"url\":\"http://89.160.20.156:41514/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:11 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8801,7 +8616,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134097818Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961364\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961364/\",\"url\":\"http://89.160.20.156:58748/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:11 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8850,7 +8664,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134098640Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961362\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961362/\",\"url\":\"http://89.160.20.156:51183/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8899,7 +8712,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134099474Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961361\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961361/\",\"url\":\"http://89.160.20.156:42104/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8948,7 +8760,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134100289Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961354\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961354/\",\"url\":\"http://89.160.20.156:53130/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -8997,7 +8808,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134101164Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961355\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961355/\",\"url\":\"http://89.160.20.156:57768/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -9046,7 +8856,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134102160Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961356\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961356/\",\"url\":\"http://89.160.20.156:34541/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -9095,7 +8904,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134102975Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961357\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961357/\",\"url\":\"http://89.160.20.156:51344/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -9144,7 +8952,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134103810Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961358\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961358/\",\"url\":\"http://89.160.20.156:40084/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -9193,7 +9000,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134104641Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961359\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961359/\",\"url\":\"http://89.160.20.156:60457/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -9242,7 +9048,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134105569Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961360\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961360/\",\"url\":\"http://89.160.20.156:34906/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -9291,7 +9096,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134106385Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961353\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961353/\",\"url\":\"http://89.160.20.156:59847/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:10:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -9340,7 +9144,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-24T02:54:34.134107211Z",
 "kind": "enrichment",
 "original": "{\"id\":\"961352\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961352/\",\"url\":\"http://89.160.20.156:47873/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:09:00 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}",
 "type": "indicator"
@@ -9389,7 +9192,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134108042Z", "kind": "enrichment", "original": "{\"id\":\"961349\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961349/\",\"url\":\"http://89.160.20.156:48645/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -9438,7 +9240,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134108921Z", "kind": "enrichment", "original": "{\"id\":\"961350\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961350/\",\"url\":\"http://89.160.20.156:36524/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -9487,7 +9288,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134109996Z", "kind": "enrichment", "original": "{\"id\":\"961351\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961351/\",\"url\":\"http://89.160.20.156:38726/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -9536,7 +9336,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134110910Z", "kind": "enrichment", "original": "{\"id\":\"961345\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961345/\",\"url\":\"http://89.160.20.156:41149/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:05:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -9585,7 +9384,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134112638Z", "kind": "enrichment", "original": "{\"id\":\"961346\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961346/\",\"url\":\"http://89.160.20.156:46993/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:05:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -9634,7 +9432,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134113525Z", "kind": "enrichment", "original": "{\"id\":\"961347\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961347/\",\"url\":\"http://89.160.20.156:39190/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:05:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -9683,7 +9480,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134114482Z", "kind": "enrichment", "original": "{\"id\":\"961348\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961348/\",\"url\":\"http://89.160.20.156:48344/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:05:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -9733,7 +9529,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134115363Z", "kind": "enrichment", "original": "{\"id\":\"961344\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961344/\",\"url\":\"http://89.160.20.156:58427/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:04:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -9783,7 +9578,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134116180Z", "kind": "enrichment", "original": "{\"id\":\"961343\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961343/\",\"url\":\"http://89.160.20.156:41921/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 20:02:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" 
@@ -9832,7 +9626,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134117006Z", "kind": "enrichment", "original": "{\"id\":\"961342\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961342/\",\"url\":\"http://89.160.20.156:47140/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:55:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -9881,7 +9674,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134117900Z", "kind": "enrichment", "original": "{\"id\":\"961341\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961341/\",\"url\":\"http://89.160.20.156:34789/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:52:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -9930,7 +9722,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134118771Z", "kind": "enrichment", "original": "{\"id\":\"961340\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961340/\",\"url\":\"http://89.160.20.156:37634/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:52:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -9979,7 +9770,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134119645Z", "kind": "enrichment", "original": "{\"id\":\"961339\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961339/\",\"url\":\"http://89.160.20.156:41636/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10028,7 +9818,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134120487Z", "kind": "enrichment", "original": "{\"id\":\"961338\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961338/\",\"url\":\"http://89.160.20.156:32907/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:51:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10077,7 +9866,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134121318Z", "kind": "enrichment", "original": "{\"id\":\"961336\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961336/\",\"url\":\"http://89.160.20.156:57568/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:51:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -10126,7 +9914,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134122247Z", "kind": "enrichment", "original": "{\"id\":\"961337\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961337/\",\"url\":\"http://89.160.20.156:40740/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:51:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10175,7 +9962,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134123066Z", "kind": "enrichment", "original": "{\"id\":\"961331\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961331/\",\"url\":\"http://89.160.20.156:35927/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10224,7 +10010,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134123885Z", "kind": "enrichment", "original": "{\"id\":\"961332\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961332/\",\"url\":\"http://89.160.20.156:55558/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -10273,7 +10058,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134124747Z", "kind": "enrichment", "original": "{\"id\":\"961333\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961333/\",\"url\":\"http://89.160.20.156:60558/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10322,7 +10106,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134125569Z", "kind": "enrichment", "original": "{\"id\":\"961334\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961334/\",\"url\":\"http://89.160.20.156:59624/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10371,7 +10154,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134126591Z", "kind": "enrichment", "original": "{\"id\":\"961335\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961335/\",\"url\":\"http://89.160.20.156:39386/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -10420,7 +10202,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134127418Z", "kind": "enrichment", "original": "{\"id\":\"961322\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961322/\",\"url\":\"http://89.160.20.156:46289/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10469,7 +10250,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134128234Z", "kind": "enrichment", "original": "{\"id\":\"961323\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961323/\",\"url\":\"http://89.160.20.156:34951/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10518,7 +10298,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134129071Z", "kind": "enrichment", "original": "{\"id\":\"961324\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961324/\",\"url\":\"http://89.160.20.156:47594/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -10567,7 +10346,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134130Z", "kind": "enrichment", "original": "{\"id\":\"961325\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961325/\",\"url\":\"http://89.160.20.156:55792/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10616,7 +10394,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134130893Z", "kind": "enrichment", "original": "{\"id\":\"961326\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961326/\",\"url\":\"http://89.160.20.156:35271/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10665,7 +10442,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134131708Z", "kind": "enrichment", "original": "{\"id\":\"961327\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961327/\",\"url\":\"http://89.160.20.156:36300/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -10714,7 +10490,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134132525Z", "kind": "enrichment", "original": "{\"id\":\"961328\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961328/\",\"url\":\"http://89.160.20.156:60680/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10763,7 +10538,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134133351Z", "kind": "enrichment", "original": "{\"id\":\"961329\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961329/\",\"url\":\"http://89.160.20.156:51132/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10812,7 +10586,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134134262Z", "kind": "enrichment", "original": "{\"id\":\"961330\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961330/\",\"url\":\"http://89.160.20.156:39049/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -10861,7 +10634,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134135121Z", "kind": "enrichment", "original": "{\"id\":\"961321\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961321/\",\"url\":\"http://89.160.20.156:57455/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:49:12 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10910,7 +10682,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134135943Z", "kind": "enrichment", "original": "{\"id\":\"961320\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961320/\",\"url\":\"http://89.160.20.156:32823/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:49:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -10959,7 +10730,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134136766Z", "kind": "enrichment", "original": "{\"id\":\"961318\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961318/\",\"url\":\"http://89.160.20.156:44103/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:49:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -11008,7 +10778,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134137649Z", "kind": "enrichment", "original": "{\"id\":\"961319\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961319/\",\"url\":\"http://89.160.20.156:36257/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:49:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11058,7 +10827,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134138531Z", "kind": "enrichment", "original": "{\"id\":\"961317\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961317/\",\"url\":\"http://89.160.20.156:41921/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:45:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -11108,7 +10876,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134139364Z", "kind": "enrichment", "original": "{\"id\":\"961316\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961316/\",\"url\":\"http://89.160.20.156:50971/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:44:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" 
@@ -11156,7 +10923,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134140206Z", "kind": "enrichment", "original": "{\"id\":\"961315\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961315/\",\"url\":\"http://89.160.20.156:56339/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:13 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11205,7 +10971,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134141026Z", "kind": "enrichment", "original": "{\"id\":\"961314\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961314/\",\"url\":\"http://89.160.20.156:52551/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11254,7 +11019,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134141953Z", "kind": "enrichment", "original": "{\"id\":\"961312\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961312/\",\"url\":\"http://89.160.20.156:35942/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -11303,7 +11067,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134142823Z", "kind": "enrichment", "original": "{\"id\":\"961313\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961313/\",\"url\":\"http://89.160.20.156:39636/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11352,7 +11115,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134143643Z", "kind": "enrichment", "original": "{\"id\":\"961310\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961310/\",\"url\":\"http://89.160.20.156:53548/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11401,7 +11163,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134144478Z", "kind": "enrichment", "original": "{\"id\":\"961311\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961311/\",\"url\":\"http://89.160.20.156:40967/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -11450,7 +11211,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134145367Z", "kind": "enrichment", "original": "{\"id\":\"961309\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961309/\",\"url\":\"http://89.160.20.156:49471/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11499,7 +11259,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134146242Z", "kind": "enrichment", "original": "{\"id\":\"961302\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961302/\",\"url\":\"http://89.160.20.156:43937/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11548,7 +11307,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134147060Z", "kind": "enrichment", "original": "{\"id\":\"961303\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961303/\",\"url\":\"http://89.160.20.156:57992/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -11597,7 +11355,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134147880Z", "kind": "enrichment", "original": "{\"id\":\"961304\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961304/\",\"url\":\"http://89.160.20.156:43603/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11646,7 +11403,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134148720Z", "kind": "enrichment", "original": "{\"id\":\"961305\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961305/\",\"url\":\"http://89.160.20.156:37157/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11695,7 +11451,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134149717Z", "kind": "enrichment", "original": "{\"id\":\"961306\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961306/\",\"url\":\"http://89.160.20.156:37229/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -11744,7 +11499,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134150783Z", "kind": "enrichment", "original": "{\"id\":\"961307\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961307/\",\"url\":\"http://89.160.20.156:49104/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11793,7 +11547,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134151612Z", "kind": "enrichment", "original": "{\"id\":\"961308\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961308/\",\"url\":\"http://89.160.20.156:49575/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11842,7 +11595,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134152547Z", "kind": "enrichment", "original": "{\"id\":\"961299\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961299/\",\"url\":\"http://89.160.20.156:50000/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:35:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -11891,7 +11643,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134153385Z", "kind": "enrichment", "original": "{\"id\":\"961300\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961300/\",\"url\":\"http://89.160.20.156:36251/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:35:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11940,7 +11691,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134154202Z", "kind": "enrichment", "original": "{\"id\":\"961301\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961301/\",\"url\":\"http://89.160.20.156:51932/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:35:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -11989,7 +11739,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134155031Z", "kind": "enrichment", "original": "{\"id\":\"961297\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961297/\",\"url\":\"http://89.160.20.156:45660/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -12038,7 +11787,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134155865Z", "kind": "enrichment", "original": "{\"id\":\"961298\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961298/\",\"url\":\"http://89.160.20.156:42478/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12087,7 +11835,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134156956Z", "kind": "enrichment", "original": "{\"id\":\"961296\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961296/\",\"url\":\"http://89.160.20.156:50726/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12137,7 +11884,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134157776Z", "kind": "enrichment", "original": "{\"id\":\"961295\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961295/\",\"url\":\"http://89.160.20.156:40256/i\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:33:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" 
@@ -12186,7 +11932,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134158598Z", "kind": "enrichment", "original": "{\"id\":\"961294\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961294/\",\"url\":\"http://89.160.20.156:50971/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:29:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -12235,7 +11980,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134159416Z", "kind": "enrichment", "original": "{\"id\":\"961293\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961293/\",\"url\":\"https://realestatederivatives.com.ng/zx/janomo_hfWUGQvSPn0.bin\",\"url_status\":\"online\",\"host\":\"realestatederivatives.com.ng\",\"date_added\":\"2021-01-14 19:24:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"abused_legit_malware\",\"surbl\":\"not listed\"},\"reporter\":\"abuse_ch\",\"larted\":\"true\",\"tags\":[\"encrypted\",\"GuLoader\"]}", "type": "indicator" @@ -12282,7 +12026,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134160412Z", "kind": "enrichment", "original": "{\"id\":\"961291\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961291/\",\"url\":\"http://89.160.20.156:33946/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:22:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -12331,7 +12074,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134161237Z", "kind": "enrichment", "original": "{\"id\":\"961292\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961292/\",\"url\":\"http://89.160.20.156:39990/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:22:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12380,7 +12122,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134162060Z", "kind": "enrichment", "original": "{\"id\":\"961288\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961288/\",\"url\":\"http://89.160.20.156:60558/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12429,7 +12170,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134162878Z", "kind": "enrichment", "original": "{\"id\":\"961289\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961289/\",\"url\":\"http://89.160.20.156:32989/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -12478,7 +12218,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134163693Z", "kind": "enrichment", "original": "{\"id\":\"961290\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961290/\",\"url\":\"http://89.160.20.156:52458/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12527,7 +12266,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134164933Z", "kind": "enrichment", "original": "{\"id\":\"961286\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961286/\",\"url\":\"http://89.160.20.156:60735/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:21:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12576,7 +12314,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134165748Z", "kind": "enrichment", "original": "{\"id\":\"961287\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961287/\",\"url\":\"http://89.160.20.156:34755/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:21:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -12625,7 +12362,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134166562Z", "kind": "enrichment", "original": "{\"id\":\"961285\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961285/\",\"url\":\"http://89.160.20.156:39290/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12674,7 +12410,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134167383Z", "kind": "enrichment", "original": "{\"id\":\"961279\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961279/\",\"url\":\"http://89.160.20.156:56141/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12723,7 +12458,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134168320Z", "kind": "enrichment", "original": "{\"id\":\"961280\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961280/\",\"url\":\"http://89.160.20.156:40247/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -12773,7 +12507,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134169193Z", "kind": "enrichment", "original": "{\"id\":\"961281\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961281/\",\"url\":\"http://89.160.20.156:36619/i\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -12821,7 +12554,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134170025Z", "kind": "enrichment", "original": "{\"id\":\"961282\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961282/\",\"url\":\"http://89.160.20.156:43673/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12870,7 +12602,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134170842Z", "kind": "enrichment", "original": "{\"id\":\"961283\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961283/\",\"url\":\"http://89.160.20.156:55726/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -12919,7 +12650,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134171662Z", "kind": "enrichment", "original": "{\"id\":\"961284\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961284/\",\"url\":\"http://89.160.20.156:59668/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -12968,7 +12698,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134172589Z", "kind": "enrichment", "original": "{\"id\":\"961278\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961278/\",\"url\":\"http://89.160.20.156:34391/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13017,7 +12746,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134173467Z", "kind": "enrichment", "original": "{\"id\":\"961277\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961277/\",\"url\":\"http://89.160.20.156:49478/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -13066,7 +12794,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134174303Z", "kind": "enrichment", "original": "{\"id\":\"961276\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961276/\",\"url\":\"http://89.160.20.156:54670/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13115,7 +12842,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134175121Z", "kind": "enrichment", "original": "{\"id\":\"961270\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961270/\",\"url\":\"http://89.160.20.156:59599/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13164,7 +12890,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134175997Z", "kind": "enrichment", "original": "{\"id\":\"961271\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961271/\",\"url\":\"http://89.160.20.156:45189/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -13213,7 +12938,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134176921Z", "kind": "enrichment", "original": "{\"id\":\"961272\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961272/\",\"url\":\"http://89.160.20.156:60805/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13262,7 +12986,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134177751Z", "kind": "enrichment", "original": "{\"id\":\"961273\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961273/\",\"url\":\"http://89.160.20.156:38888/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13311,7 +13034,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134178572Z", "kind": "enrichment", "original": "{\"id\":\"961274\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961274/\",\"url\":\"http://89.160.20.156:47869/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -13360,7 +13082,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134179397Z", "kind": "enrichment", "original": "{\"id\":\"961275\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961275/\",\"url\":\"http://89.160.20.156:57478/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13410,7 +13131,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134180331Z", "kind": "enrichment", "original": "{\"id\":\"961269\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961269/\",\"url\":\"http://89.160.20.156:40256/bin.sh\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:10:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -13459,7 +13179,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134181151Z", "kind": "enrichment", "original": "{\"id\":\"961268\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961268/\",\"url\":\"http://89.160.20.156:49035/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:07:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -13508,7 +13227,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134181973Z", "kind": "enrichment", "original": "{\"id\":\"961266\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961266/\",\"url\":\"http://89.160.20.156:41531/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13557,7 +13275,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134182788Z", "kind": "enrichment", "original": "{\"id\":\"961267\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961267/\",\"url\":\"http://89.160.20.156:49596/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13606,7 +13323,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134183614Z", "kind": "enrichment", "original": "{\"id\":\"961265\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961265/\",\"url\":\"http://89.160.20.156:43584/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:07:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -13655,7 +13371,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134184564Z", "kind": "enrichment", "original": "{\"id\":\"961264\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961264/\",\"url\":\"http://89.160.20.156:44976/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:06:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13704,7 +13419,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134185385Z", "kind": "enrichment", "original": "{\"id\":\"961259\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961259/\",\"url\":\"http://89.160.20.156:51107/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13753,7 +13467,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134186223Z", "kind": "enrichment", "original": "{\"id\":\"961260\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961260/\",\"url\":\"http://89.160.20.156:33790/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -13802,7 +13515,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134187061Z", "kind": "enrichment", "original": "{\"id\":\"961261\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961261/\",\"url\":\"http://89.160.20.156:58919/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13851,7 +13563,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134187955Z", "kind": "enrichment", "original": "{\"id\":\"961262\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961262/\",\"url\":\"http://89.160.20.156:40395/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13900,7 +13611,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134188777Z", "kind": "enrichment", "original": "{\"id\":\"961263\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961263/\",\"url\":\"http://89.160.20.156:53510/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -13949,7 +13659,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134189591Z", "kind": "enrichment", "original": "{\"id\":\"961258\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961258/\",\"url\":\"http://89.160.20.156:39115/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:12 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -13998,7 +13707,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134190410Z", "kind": "enrichment", "original": "{\"id\":\"961257\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961257/\",\"url\":\"http://89.160.20.156:40713/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:11 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14047,7 +13755,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134191240Z", "kind": "enrichment", "original": "{\"id\":\"961256\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961256/\",\"url\":\"http://89.160.20.156:54811/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -14096,7 +13803,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134192478Z", "kind": "enrichment", "original": "{\"id\":\"961255\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961255/\",\"url\":\"http://89.160.20.156:58269/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14145,7 +13851,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134193344Z", "kind": "enrichment", "original": "{\"id\":\"961251\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961251/\",\"url\":\"http://89.160.20.156:47985/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14194,7 +13899,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134194167Z", "kind": "enrichment", "original": "{\"id\":\"961252\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961252/\",\"url\":\"http://89.160.20.156:38107/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -14243,7 +13947,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134194990Z", "kind": "enrichment", "original": "{\"id\":\"961253\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961253/\",\"url\":\"http://89.160.20.156:50354/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14292,7 +13995,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134195900Z", "kind": "enrichment", "original": "{\"id\":\"961254\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961254/\",\"url\":\"http://89.160.20.156:44987/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14341,7 +14043,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134196807Z", "kind": "enrichment", "original": "{\"id\":\"961249\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961249/\",\"url\":\"http://89.160.20.156:44681/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -14390,7 +14091,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134197627Z", "kind": "enrichment", "original": "{\"id\":\"961250\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961250/\",\"url\":\"http://89.160.20.156:58391/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14439,7 +14139,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134200155Z", "kind": "enrichment", "original": "{\"id\":\"961248\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961248/\",\"url\":\"http://89.160.20.156:48540/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:04:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14488,7 +14187,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134201037Z", "kind": "enrichment", "original": "{\"id\":\"961246\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961246/\",\"url\":\"http://89.160.20.156:42755/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:04:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -14537,7 +14235,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134202012Z", "kind": "enrichment", "original": "{\"id\":\"961247\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961247/\",\"url\":\"http://89.160.20.156:52688/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:04:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14586,7 +14283,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134202894Z", "kind": "enrichment", "original": "{\"id\":\"961244\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961244/\",\"url\":\"http://89.160.20.156:33782/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14635,7 +14331,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134203726Z", "kind": "enrichment", "original": "{\"id\":\"961245\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961245/\",\"url\":\"http://89.160.20.156:50381/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -14684,7 +14379,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134204545Z", "kind": "enrichment", "original": "{\"id\":\"961243\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961243/\",\"url\":\"http://89.160.20.156:44219/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14734,7 +14428,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134205479Z", "kind": "enrichment", "original": "{\"id\":\"961242\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961242/\",\"url\":\"http://89.160.20.156:36619/bin.sh\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 19:01:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -14784,7 +14477,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134206404Z", "kind": "enrichment", "original": "{\"id\":\"961241\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961241/\",\"url\":\"http://89.160.20.156:59976/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:56:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" 
@@ -14832,7 +14524,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134207218Z", "kind": "enrichment", "original": "{\"id\":\"961239\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961239/\",\"url\":\"http://89.160.20.156:48688/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14881,7 +14572,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134208053Z", "kind": "enrichment", "original": "{\"id\":\"961240\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961240/\",\"url\":\"http://89.160.20.156:45682/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -14930,7 +14620,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134208876Z", "kind": "enrichment", "original": "{\"id\":\"961238\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961238/\",\"url\":\"http://89.160.20.156:34922/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -14979,7 +14668,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134209822Z", "kind": "enrichment", "original": "{\"id\":\"961233\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961233/\",\"url\":\"http://89.160.20.156:37489/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15028,7 +14716,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134210655Z", "kind": "enrichment", "original": "{\"id\":\"961234\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961234/\",\"url\":\"http://89.160.20.156:51940/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15077,7 +14764,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134211494Z", "kind": "enrichment", "original": "{\"id\":\"961235\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961235/\",\"url\":\"http://89.160.20.156:49599/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -15126,7 +14812,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134212314Z", "kind": "enrichment", "original": "{\"id\":\"961236\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961236/\",\"url\":\"http://89.160.20.156:53436/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15175,7 +14860,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134213200Z", "kind": "enrichment", "original": "{\"id\":\"961237\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961237/\",\"url\":\"http://89.160.20.156:57237/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15224,7 +14908,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134214182Z", "kind": "enrichment", "original": "{\"id\":\"961232\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961232/\",\"url\":\"http://89.160.20.156:50907/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -15273,7 +14956,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134215009Z", "kind": "enrichment", "original": "{\"id\":\"961231\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961231/\",\"url\":\"http://89.160.20.156:41910/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:14 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15322,7 +15004,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134215853Z", "kind": "enrichment", "original": "{\"id\":\"961229\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961229/\",\"url\":\"http://89.160.20.156:57217/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15371,7 +15052,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134216683Z", "kind": "enrichment", "original": "{\"id\":\"961230\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961230/\",\"url\":\"http://89.160.20.156:47632/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -15420,7 +15100,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134217616Z", "kind": "enrichment", "original": "{\"id\":\"961227\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961227/\",\"url\":\"http://89.160.20.156:46654/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15469,7 +15148,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134218456Z", "kind": "enrichment", "original": "{\"id\":\"961228\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961228/\",\"url\":\"http://89.160.20.156:59073/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15518,7 +15196,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134219275Z", "kind": "enrichment", "original": "{\"id\":\"961221\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961221/\",\"url\":\"http://89.160.20.156:37958/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -15567,7 +15244,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134220095Z", "kind": "enrichment", "original": "{\"id\":\"961222\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961222/\",\"url\":\"http://89.160.20.156:53943/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15616,7 +15292,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134220916Z", "kind": "enrichment", "original": "{\"id\":\"961223\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961223/\",\"url\":\"http://89.160.20.156:40404/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15665,7 +15340,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134221816Z", "kind": "enrichment", "original": "{\"id\":\"961224\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961224/\",\"url\":\"http://89.160.20.156:46738/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -15714,7 +15388,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134222636Z", "kind": "enrichment", "original": "{\"id\":\"961225\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961225/\",\"url\":\"http://89.160.20.156:58234/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15763,7 +15436,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134223471Z", "kind": "enrichment", "original": "{\"id\":\"961226\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961226/\",\"url\":\"http://89.160.20.156:36911/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -15812,7 +15484,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134224290Z", "kind": "enrichment", "original": "{\"id\":\"961220\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961220/\",\"url\":\"http://89.160.20.156:35028/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:49:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -15862,7 +15533,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134225540Z", "kind": "enrichment", "original": "{\"id\":\"961219\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961219/\",\"url\":\"http://allanabolicsteam.net/nedfr_.exe\",\"url_status\":\"offline\",\"host\":\"allanabolicsteam.net\",\"date_added\":\"2021-01-14 18:47:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"abused_legit_malware\",\"surbl\":\"not listed\"},\"reporter\":\"Myrtus0x0\",\"larted\":\"true\",\"tags\":[\"c2\",\"hancitor\",\"payload\"]}", "type": "indicator" @@ -15908,7 +15578,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134226443Z", "kind": "enrichment", "original": "{\"id\":\"961217\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961217/\",\"url\":\"https://intranetstc.micromart.com.br/fined.php\",\"url_status\":\"offline\",\"host\":\"intranetstc.micromart.com.br\",\"date_added\":\"2021-01-14 18:47:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"0x49736b\",\"larted\":\"false\",\"tags\":[\"Dridex\"]}", "type": "indicator" @@ -15956,7 +15625,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134227269Z", "kind": "enrichment", "original": "{\"id\":\"961218\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961218/\",\"url\":\"http://allanabolicsteam.net/1301s.bin\",\"url_status\":\"online\",\"host\":\"allanabolicsteam.net\",\"date_added\":\"2021-01-14 18:47:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"abused_legit_malware\",\"surbl\":\"not listed\"},\"reporter\":\"Myrtus0x0\",\"larted\":\"true\",\"tags\":[\"c2\",\"hancitor\",\"payload\"]}", "type": "indicator" 
@@ -16004,7 +15672,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134228093Z", "kind": "enrichment", "original": "{\"id\":\"961216\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961216/\",\"url\":\"http://89.160.20.156:43741/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:44:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -16053,7 +15720,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134228918Z", "kind": "enrichment", "original": "{\"id\":\"961215\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961215/\",\"url\":\"http://89.160.20.156:45803/bin.sh\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:41:10 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"false\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -16102,7 +15768,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134229802Z", "kind": "enrichment", "original": "{\"id\":\"961214\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961214/\",\"url\":\"http://89.160.20.156:38611/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:36:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"false\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -16151,7 +15816,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134230637Z", "kind": "enrichment", "original": "{\"id\":\"961213\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961213/\",\"url\":\"http://89.160.20.156:35185/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:36:12 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16200,7 +15864,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134231462Z", "kind": "enrichment", "original": "{\"id\":\"961212\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961212/\",\"url\":\"http://89.160.20.156:35054/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:36:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16249,7 +15912,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134232297Z", "kind": "enrichment", "original": "{\"id\":\"961207\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961207/\",\"url\":\"http://89.160.20.156:60038/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -16298,7 +15960,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134233250Z", "kind": "enrichment", "original": "{\"id\":\"961208\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961208/\",\"url\":\"http://89.160.20.156:52253/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16347,7 +16008,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134234124Z", "kind": "enrichment", "original": "{\"id\":\"961209\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961209/\",\"url\":\"http://89.160.20.156:43125/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16396,7 +16056,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134234969Z", "kind": "enrichment", "original": "{\"id\":\"961210\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961210/\",\"url\":\"http://89.160.20.156:52650/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -16445,7 +16104,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134235789Z", "kind": "enrichment", "original": "{\"id\":\"961211\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961211/\",\"url\":\"http://89.160.20.156:59273/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16494,7 +16152,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134236607Z", "kind": "enrichment", "original": "{\"id\":\"961206\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961206/\",\"url\":\"http://89.160.20.156:40346/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16543,7 +16200,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134237552Z", "kind": "enrichment", "original": "{\"id\":\"961204\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961204/\",\"url\":\"http://89.160.20.156:44242/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -16592,7 +16248,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134238375Z", "kind": "enrichment", "original": "{\"id\":\"961205\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961205/\",\"url\":\"http://89.160.20.156:40624/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16641,7 +16296,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134239195Z", "kind": "enrichment", "original": "{\"id\":\"961202\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961202/\",\"url\":\"http://89.160.20.156:41245/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16690,7 +16344,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134240020Z", "kind": "enrichment", "original": "{\"id\":\"961203\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961203/\",\"url\":\"http://89.160.20.156:48866/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -16739,7 +16392,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134240903Z", "kind": "enrichment", "original": "{\"id\":\"961198\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961198/\",\"url\":\"http://89.160.20.156:58258/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16788,7 +16440,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134241831Z", "kind": "enrichment", "original": "{\"id\":\"961199\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961199/\",\"url\":\"http://89.160.20.156:34516/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16837,7 +16488,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134242652Z", "kind": "enrichment", "original": "{\"id\":\"961200\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961200/\",\"url\":\"http://89.160.20.156:47851/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -16886,7 +16536,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134243488Z", "kind": "enrichment", "original": "{\"id\":\"961201\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961201/\",\"url\":\"http://89.160.20.156:49226/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -16936,7 +16585,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134244308Z", "kind": "enrichment", "original": "{\"id\":\"961197\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961197/\",\"url\":\"http://89.160.20.156:36957/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:34:10 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -16985,7 +16633,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134245252Z", "kind": "enrichment", "original": "{\"id\":\"961196\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961196/\",\"url\":\"http://89.160.20.156:53089/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:34:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -17034,7 +16681,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134246126Z", "kind": "enrichment", "original": "{\"id\":\"961193\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961193/\",\"url\":\"http://89.160.20.156:57114/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17083,7 +16729,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134246946Z", "kind": "enrichment", "original": "{\"id\":\"961194\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961194/\",\"url\":\"http://89.160.20.156:33163/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17132,7 +16777,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134247774Z", "kind": "enrichment", "original": "{\"id\":\"961195\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961195/\",\"url\":\"http://89.160.20.156:48557/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -17182,7 +16826,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134248663Z", "kind": "enrichment", "original": "{\"id\":\"961192\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961192/\",\"url\":\"http://89.160.20.156:59976/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:31:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -17232,7 +16875,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134249557Z", "kind": "enrichment", "original": "{\"id\":\"961191\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961191/\",\"url\":\"http://89.160.20.156:48291/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -17280,7 +16922,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134250375Z", "kind": "enrichment", "original": "{\"id\":\"961190\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961190/\",\"url\":\"http://89.160.20.156:45797/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:21:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -17330,7 +16971,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134251197Z", "kind": "enrichment", "original": "{\"id\":\"961186\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961186/\",\"url\":\"http://89.160.20.156:43741/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:21:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -17379,7 +17019,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134252022Z", "kind": "enrichment", "original": "{\"id\":\"961187\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961187/\",\"url\":\"http://89.160.20.156:35446/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:21:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17428,7 +17067,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134252959Z", "kind": "enrichment", "original": "{\"id\":\"961188\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961188/\",\"url\":\"http://89.160.20.156:35720/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:21:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -17477,7 +17115,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134253795Z", "kind": "enrichment", "original": "{\"id\":\"961189\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961189/\",\"url\":\"http://89.160.20.156:50501/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:21:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17526,7 +17163,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134254635Z", "kind": "enrichment", "original": "{\"id\":\"961185\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961185/\",\"url\":\"http://89.160.20.156:55796/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17575,7 +17211,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134255455Z", "kind": "enrichment", "original": "{\"id\":\"961183\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961183/\",\"url\":\"http://89.160.20.156:52308/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -17624,7 +17259,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134256276Z", "kind": "enrichment", "original": "{\"id\":\"961184\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961184/\",\"url\":\"http://89.160.20.156:59154/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17673,7 +17307,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134257113Z", "kind": "enrichment", "original": "{\"id\":\"961177\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961177/\",\"url\":\"http://89.160.20.156:57950/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17722,7 +17355,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134258237Z", "kind": "enrichment", "original": "{\"id\":\"961178\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961178/\",\"url\":\"http://89.160.20.156:33520/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -17771,7 +17403,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134259193Z", "kind": "enrichment", "original": "{\"id\":\"961179\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961179/\",\"url\":\"http://89.160.20.156:45525/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17820,7 +17451,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134260069Z", "kind": "enrichment", "original": "{\"id\":\"961180\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961180/\",\"url\":\"http://89.160.20.156:38430/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17869,7 +17499,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134260896Z", "kind": "enrichment", "original": "{\"id\":\"961181\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961181/\",\"url\":\"http://89.160.20.156:4096/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -17918,7 +17547,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134261721Z", "kind": "enrichment", "original": "{\"id\":\"961182\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961182/\",\"url\":\"http://89.160.20.156:50631/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -17967,7 +17595,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134262606Z", "kind": "enrichment", "original": "{\"id\":\"961176\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961176/\",\"url\":\"http://89.160.20.156:37989/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18016,7 +17643,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134263538Z", "kind": "enrichment", "original": "{\"id\":\"961175\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961175/\",\"url\":\"http://89.160.20.156:54078/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:20:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -18066,7 +17692,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134264373Z", "kind": "enrichment", "original": "{\"id\":\"961173\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961173/\",\"url\":\"http://89.160.20.156:34201/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -18114,7 +17739,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134265193Z", "kind": "enrichment", "original": "{\"id\":\"961174\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961174/\",\"url\":\"http://89.160.20.156:56573/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18164,7 +17788,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134266018Z", "kind": "enrichment", "original": "{\"id\":\"961172\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961172/\",\"url\":\"http://89.160.20.156:48291/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:08:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" 
@@ -18213,7 +17836,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134266971Z", "kind": "enrichment", "original": "{\"id\":\"961170\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961170/\",\"url\":\"http://89.160.20.156:60102/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:06:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18262,7 +17884,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134267843Z", "kind": "enrichment", "original": "{\"id\":\"961171\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961171/\",\"url\":\"http://89.160.20.156:52225/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:06:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18311,7 +17932,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134268723Z", "kind": "enrichment", "original": "{\"id\":\"961167\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961167/\",\"url\":\"http://89.160.20.156:56733/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -18360,7 +17980,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134269551Z", "kind": "enrichment", "original": "{\"id\":\"961168\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961168/\",\"url\":\"http://89.160.20.156:57042/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18409,7 +18028,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134270398Z", "kind": "enrichment", "original": "{\"id\":\"961169\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961169/\",\"url\":\"http://89.160.20.156:38035/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18458,7 +18076,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134271215Z", "kind": "enrichment", "original": "{\"id\":\"961165\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961165/\",\"url\":\"http://89.160.20.156:33540/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -18507,7 +18124,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134272031Z", "kind": "enrichment", "original": "{\"id\":\"961166\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961166/\",\"url\":\"http://89.160.20.156:51947/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18556,7 +18172,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134272864Z", "kind": "enrichment", "original": "{\"id\":\"961164\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961164/\",\"url\":\"http://89.160.20.156:36915/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18605,7 +18220,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134273684Z", "kind": "enrichment", "original": "{\"id\":\"961163\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961163/\",\"url\":\"http://89.160.20.156:38865/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:05:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -18653,7 +18267,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134274668Z", "kind": "enrichment", "original": "{\"id\":\"961162\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961162/\",\"url\":\"http://89.160.20.156:55480/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:37 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -18701,7 +18314,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134275485Z", "kind": "enrichment", "original": "{\"id\":\"961161\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961161/\",\"url\":\"http://89.160.20.156:51996/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:36 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -18749,7 +18361,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134276301Z", "kind": "enrichment", "original": "{\"id\":\"961160\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961160/\",\"url\":\"http://89.160.20.156:36042/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:34 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" 
@@ -18797,7 +18408,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134277138Z", "kind": "enrichment", "original": "{\"id\":\"961158\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961158/\",\"url\":\"http://89.160.20.156:34350/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -18845,7 +18455,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134277961Z", "kind": "enrichment", "original": "{\"id\":\"961159\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961159/\",\"url\":\"http://89.160.20.156:53587/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:33 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -18893,7 +18502,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134278902Z", "kind": "enrichment", "original": "{\"id\":\"961157\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961157/\",\"url\":\"http://89.160.20.156:53444/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:13 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}", "type": "indicator" 
@@ -18942,7 +18550,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134279727Z", "kind": "enrichment", "original": "{\"id\":\"961155\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961155/\",\"url\":\"http://89.160.20.156:58653/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -18990,7 +18597,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134280548Z", "kind": "enrichment", "original": "{\"id\":\"961156\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961156/\",\"url\":\"http://89.160.20.156:50579/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -19038,7 +18644,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134281368Z", "kind": "enrichment", "original": "{\"id\":\"961152\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961152/\",\"url\":\"http://89.160.20.156:3553/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" 
@@ -19087,7 +18692,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134282308Z", "kind": "enrichment", "original": "{\"id\":\"961153\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961153/\",\"url\":\"http://89.160.20.156:35288/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19135,7 +18739,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134283185Z", "kind": "enrichment", "original": "{\"id\":\"961154\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961154/\",\"url\":\"http://89.160.20.156:46429/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -19183,7 +18786,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134284005Z", "kind": "enrichment", "original": "{\"id\":\"961151\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961151/\",\"url\":\"http://89.160.20.156:44575/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" 
@@ -19232,7 +18834,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134284829Z", "kind": "enrichment", "original": "{\"id\":\"961149\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961149/\",\"url\":\"http://89.160.20.156:43245/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19280,7 +18881,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134285669Z", "kind": "enrichment", "original": "{\"id\":\"961150\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961150/\",\"url\":\"http://89.160.20.156:50444/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -19328,7 +18928,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134286594Z", "kind": "enrichment", "original": "{\"id\":\"961144\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961144/\",\"url\":\"http://89.160.20.156:51318/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"true\",\"tags\":[\"Mozi\"]}", "type": "indicator" 
@@ -19377,7 +18976,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134287425Z", "kind": "enrichment", "original": "{\"id\":\"961145\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961145/\",\"url\":\"http://89.160.20.156:46221/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19426,7 +19024,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134288242Z", "kind": "enrichment", "original": "{\"id\":\"961146\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961146/\",\"url\":\"http://89.160.20.156:51430/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19475,7 +19072,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134289061Z", "kind": "enrichment", "original": "{\"id\":\"961147\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961147/\",\"url\":\"http://89.160.20.156:52028/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -19524,7 +19120,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134289942Z", "kind": "enrichment", "original": "{\"id\":\"961148\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961148/\",\"url\":\"http://89.160.20.156:48291/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19572,7 +19167,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134290813Z", "kind": "enrichment", "original": "{\"id\":\"961143\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961143/\",\"url\":\"http://89.160.20.156:39613/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 18:04:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"Gandylyan1\",\"larted\":\"false\",\"tags\":[\"Mozi\"]}", "type": "indicator" @@ -19622,7 +19216,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134291653Z", "kind": "enrichment", "original": "{\"id\":\"961142\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961142/\",\"url\":\"http://89.160.20.156:34201/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:56:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" 
@@ -19671,7 +19264,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134292470Z", "kind": "enrichment", "original": "{\"id\":\"961141\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961141/\",\"url\":\"http://89.160.20.156:47095/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:53:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19720,7 +19312,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134293287Z", "kind": "enrichment", "original": "{\"id\":\"961136\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961136/\",\"url\":\"http://89.160.20.156:42004/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:53:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19769,7 +19360,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134294168Z", "kind": "enrichment", "original": "{\"id\":\"961137\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961137/\",\"url\":\"http://89.160.20.156:52058/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:53:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -19818,7 +19408,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134295036Z", "kind": "enrichment", "original": "{\"id\":\"961138\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961138/\",\"url\":\"http://89.160.20.156:45432/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:53:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19867,7 +19456,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134295872Z", "kind": "enrichment", "original": "{\"id\":\"961139\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961139/\",\"url\":\"http://89.160.20.156:49891/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:53:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -19916,7 +19504,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134296690Z", "kind": "enrichment", "original": "{\"id\":\"961140\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961140/\",\"url\":\"http://89.160.20.156:34334/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:53:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -19965,7 +19552,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134297612Z", "kind": "enrichment", "original": "{\"id\":\"961135\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961135/\",\"url\":\"http://89.160.20.156:42886/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:52:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20014,7 +19600,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134298528Z", "kind": "enrichment", "original": "{\"id\":\"961134\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961134/\",\"url\":\"http://89.160.20.156:47096/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20063,7 +19648,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134299348Z", "kind": "enrichment", "original": "{\"id\":\"961132\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961132/\",\"url\":\"http://89.160.20.156:48214/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -20112,7 +19696,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134300165Z", "kind": "enrichment", "original": "{\"id\":\"961133\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961133/\",\"url\":\"http://89.160.20.156:40478/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20161,7 +19744,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134300988Z", "kind": "enrichment", "original": "{\"id\":\"961130\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961130/\",\"url\":\"http://89.160.20.156:37771/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20210,7 +19792,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134301972Z", "kind": "enrichment", "original": "{\"id\":\"961131\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961131/\",\"url\":\"http://89.160.20.156:35513/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -20259,7 +19840,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134302816Z", "kind": "enrichment", "original": "{\"id\":\"961129\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961129/\",\"url\":\"http://89.160.20.156:53382/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:51:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20308,7 +19888,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134303635Z", "kind": "enrichment", "original": "{\"id\":\"961128\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961128/\",\"url\":\"http://89.160.20.156:50336/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:50:17 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20357,7 +19936,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134304739Z", "kind": "enrichment", "original": "{\"id\":\"961124\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961124/\",\"url\":\"http://89.160.20.156:34233/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -20406,7 +19984,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134306907Z", "kind": "enrichment", "original": "{\"id\":\"961125\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961125/\",\"url\":\"http://89.160.20.156:38392/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20455,7 +20032,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134307939Z", "kind": "enrichment", "original": "{\"id\":\"961126\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961126/\",\"url\":\"http://89.160.20.156:52654/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20504,7 +20080,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134308775Z", "kind": "enrichment", "original": "{\"id\":\"961127\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961127/\",\"url\":\"http://89.160.20.156:60203/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -20553,7 +20128,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134309603Z", "kind": "enrichment", "original": "{\"id\":\"961123\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961123/\",\"url\":\"http://89.160.20.156:48091/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20602,7 +20176,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134310427Z", "kind": "enrichment", "original": "{\"id\":\"961122\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961122/\",\"url\":\"http://89.160.20.156:40783/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:49:41 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20651,7 +20224,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134311364Z", "kind": "enrichment", "original": "{\"id\":\"961121\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961121/\",\"url\":\"http://89.160.20.156:52015/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:49:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -20700,7 +20272,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134312278Z", "kind": "enrichment", "original": "{\"id\":\"961118\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961118/\",\"url\":\"http://89.160.20.156:42987/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:37:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20749,7 +20320,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134313095Z", "kind": "enrichment", "original": "{\"id\":\"961119\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961119/\",\"url\":\"http://89.160.20.156:53388/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:37:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20798,7 +20368,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134313929Z", "kind": "enrichment", "original": "{\"id\":\"961120\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961120/\",\"url\":\"http://89.160.20.156:44124/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:37:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -20847,7 +20416,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134314751Z", "kind": "enrichment", "original": "{\"id\":\"961115\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961115/\",\"url\":\"http://89.160.20.156:33802/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:37:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20896,7 +20464,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134315688Z", "kind": "enrichment", "original": "{\"id\":\"961116\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961116/\",\"url\":\"http://89.160.20.156:43806/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:37:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -20945,7 +20512,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134316505Z", "kind": "enrichment", "original": "{\"id\":\"961117\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961117/\",\"url\":\"http://89.160.20.156:52278/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:37:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -20994,7 +20560,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134317337Z", "kind": "enrichment", "original": "{\"id\":\"961114\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961114/\",\"url\":\"http://89.160.20.156:41202/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:37:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21043,7 +20608,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134318153Z", "kind": "enrichment", "original": "{\"id\":\"961113\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961113/\",\"url\":\"http://89.160.20.156:35756/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:36:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21092,7 +20656,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134319030Z", "kind": "enrichment", "original": "{\"id\":\"961112\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961112/\",\"url\":\"http://89.160.20.156:40569/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -21141,7 +20704,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134319905Z", "kind": "enrichment", "original": "{\"id\":\"961111\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961111/\",\"url\":\"http://89.160.20.156:47645/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:36:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21190,7 +20752,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134320743Z", "kind": "enrichment", "original": "{\"id\":\"961110\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961110/\",\"url\":\"http://89.160.20.156:40023/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21239,7 +20800,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134321560Z", "kind": "enrichment", "original": "{\"id\":\"961109\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961109/\",\"url\":\"http://89.160.20.156:53402/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:34:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -21289,7 +20849,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134322376Z", "kind": "enrichment", "original": "{\"id\":\"961108\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961108/\",\"url\":\"http://89.160.20.156:36316/bin.sh\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:29:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -21339,7 +20898,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134323251Z", "kind": "enrichment", "original": "{\"id\":\"961107\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961107/\",\"url\":\"http://89.160.20.156:48105/bin.sh\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:28:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -21388,7 +20946,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134324063Z", "kind": "enrichment", "original": "{\"id\":\"961103\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961103/\",\"url\":\"http://89.160.20.156:40017/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -21437,7 +20994,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134324879Z", "kind": "enrichment", "original": "{\"id\":\"961104\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961104/\",\"url\":\"http://89.160.20.156:41906/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21486,7 +21042,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134325714Z", "kind": "enrichment", "original": "{\"id\":\"961105\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961105/\",\"url\":\"http://89.160.20.156:38607/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21535,7 +21090,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134326600Z", "kind": "enrichment", "original": "{\"id\":\"961106\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961106/\",\"url\":\"http://89.160.20.156:59331/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -21584,7 +21138,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134327492Z", "kind": "enrichment", "original": "{\"id\":\"961102\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961102/\",\"url\":\"http://89.160.20.156:53932/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:24 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21633,7 +21186,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134328310Z", "kind": "enrichment", "original": "{\"id\":\"961101\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961101/\",\"url\":\"http://89.160.20.156:58385/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21682,7 +21234,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134329128Z", "kind": "enrichment", "original": "{\"id\":\"961099\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961099/\",\"url\":\"http://89.160.20.156:57010/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -21731,7 +21282,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134329966Z", "kind": "enrichment", "original": "{\"id\":\"961100\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961100/\",\"url\":\"http://89.160.20.156:59715/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21780,7 +21330,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134330856Z", "kind": "enrichment", "original": "{\"id\":\"961094\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961094/\",\"url\":\"http://89.160.20.156:57052/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21829,7 +21378,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134331676Z", "kind": "enrichment", "original": "{\"id\":\"961095\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961095/\",\"url\":\"http://89.160.20.156:60550/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -21878,7 +21426,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134332505Z", "kind": "enrichment", "original": "{\"id\":\"961096\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961096/\",\"url\":\"http://89.160.20.156:39684/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21927,7 +21474,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134333327Z", "kind": "enrichment", "original": "{\"id\":\"961097\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961097/\",\"url\":\"http://89.160.20.156:43593/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -21976,7 +21522,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134334148Z", "kind": "enrichment", "original": "{\"id\":\"961098\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961098/\",\"url\":\"http://89.160.20.156:36066/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:20:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -22025,7 +21570,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134335118Z", "kind": "enrichment", "original": "{\"id\":\"961093\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961093/\",\"url\":\"http://89.160.20.156:35006/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:19:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22074,7 +21618,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134335937Z", "kind": "enrichment", "original": "{\"id\":\"961091\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961091/\",\"url\":\"http://89.160.20.156:38184/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:19:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22123,7 +21666,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134337048Z", "kind": "enrichment", "original": "{\"id\":\"961092\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961092/\",\"url\":\"http://89.160.20.156:59027/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:19:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -22172,7 +21714,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134337881Z", "kind": "enrichment", "original": "{\"id\":\"961090\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961090/\",\"url\":\"http://89.160.20.156:50639/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22221,7 +21762,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134338816Z", "kind": "enrichment", "original": "{\"id\":\"961086\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961086/\",\"url\":\"http://89.160.20.156:33534/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22270,7 +21810,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134339719Z", "kind": "enrichment", "original": "{\"id\":\"961087\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961087/\",\"url\":\"http://89.160.20.156:36316/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -22319,7 +21858,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134340539Z", "kind": "enrichment", "original": "{\"id\":\"961088\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961088/\",\"url\":\"http://89.160.20.156:47120/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22368,7 +21906,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134341368Z", "kind": "enrichment", "original": "{\"id\":\"961089\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961089/\",\"url\":\"http://89.160.20.156:46287/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:19:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22418,7 +21955,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134342187Z", "kind": "enrichment", "original": "{\"id\":\"961085\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961085/\",\"url\":\"http://89.160.20.156:39536/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:14:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" 
@@ -22467,7 +22003,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134343131Z", "kind": "enrichment", "original": "{\"id\":\"961083\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961083/\",\"url\":\"http://89.160.20.156:40689/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:07:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22516,7 +22051,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134343956Z", "kind": "enrichment", "original": "{\"id\":\"961084\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961084/\",\"url\":\"http://89.160.20.156:51123/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:07:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22565,7 +22099,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134344781Z", "kind": "enrichment", "original": "{\"id\":\"961082\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961082/\",\"url\":\"http://89.160.20.156:52540/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:07:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -22614,7 +22147,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134345620Z", "kind": "enrichment", "original": "{\"id\":\"961081\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961081/\",\"url\":\"http://89.160.20.156:56964/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:07:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22663,7 +22195,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134346510Z", "kind": "enrichment", "original": "{\"id\":\"961078\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961078/\",\"url\":\"http://89.160.20.156:57120/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22712,7 +22243,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134347398Z", "kind": "enrichment", "original": "{\"id\":\"961079\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961079/\",\"url\":\"http://89.160.20.156:44518/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -22761,7 +22291,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134348222Z", "kind": "enrichment", "original": "{\"id\":\"961080\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961080/\",\"url\":\"http://89.160.20.156:50389/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22810,7 +22339,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134349048Z", "kind": "enrichment", "original": "{\"id\":\"961077\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961077/\",\"url\":\"http://89.160.20.156:34335/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22859,7 +22387,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134349867Z", "kind": "enrichment", "original": "{\"id\":\"961069\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961069/\",\"url\":\"http://89.160.20.156:54865/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -22908,7 +22435,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134350823Z", "kind": "enrichment", "original": "{\"id\":\"961070\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961070/\",\"url\":\"http://89.160.20.156:50773/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -22957,7 +22483,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134351639Z", "kind": "enrichment", "original": "{\"id\":\"961071\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961071/\",\"url\":\"http://89.160.20.156:52005/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23006,7 +22531,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134352455Z", "kind": "enrichment", "original": "{\"id\":\"961072\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961072/\",\"url\":\"http://89.160.20.156:56066/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -23055,7 +22579,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134353274Z", "kind": "enrichment", "original": "{\"id\":\"961073\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961073/\",\"url\":\"http://89.160.20.156:32915/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23104,7 +22627,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134354153Z", "kind": "enrichment", "original": "{\"id\":\"961074\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961074/\",\"url\":\"http://89.160.20.156:43462/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23153,7 +22675,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134355085Z", "kind": "enrichment", "original": "{\"id\":\"961075\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961075/\",\"url\":\"http://89.160.20.156:33291/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -23202,7 +22723,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134355914Z", "kind": "enrichment", "original": "{\"id\":\"961076\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961076/\",\"url\":\"http://89.160.20.156:1440/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23251,7 +22771,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134356729Z", "kind": "enrichment", "original": "{\"id\":\"961068\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961068/\",\"url\":\"http://89.160.20.156:55907/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23300,7 +22819,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134357549Z", "kind": "enrichment", "original": "{\"id\":\"961066\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961066/\",\"url\":\"http://89.160.20.156:33181/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -23349,7 +22867,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134358516Z", "kind": "enrichment", "original": "{\"id\":\"961067\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961067/\",\"url\":\"http://89.160.20.156:44691/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23398,7 +22915,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134359335Z", "kind": "enrichment", "original": "{\"id\":\"961059\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961059/\",\"url\":\"http://89.160.20.156:55254/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23447,7 +22963,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134360146Z", "kind": "enrichment", "original": "{\"id\":\"961060\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961060/\",\"url\":\"http://89.160.20.156:43010/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -23496,7 +23011,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134360959Z", "kind": "enrichment", "original": "{\"id\":\"961061\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961061/\",\"url\":\"http://89.160.20.156:37886/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23545,7 +23059,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134361782Z", "kind": "enrichment", "original": "{\"id\":\"961062\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961062/\",\"url\":\"http://89.160.20.156:40153/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23594,7 +23107,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134362764Z", "kind": "enrichment", "original": "{\"id\":\"961063\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961063/\",\"url\":\"http://89.160.20.156:34305/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -23643,7 +23155,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134363603Z", "kind": "enrichment", "original": "{\"id\":\"961064\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961064/\",\"url\":\"http://89.160.20.156:35653/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23692,7 +23203,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134364421Z", "kind": "enrichment", "original": "{\"id\":\"961065\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961065/\",\"url\":\"http://89.160.20.156:48908/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23741,7 +23251,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134365239Z", "kind": "enrichment", "original": "{\"id\":\"961058\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961058/\",\"url\":\"http://89.160.20.156:40035/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:04:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -23790,7 +23299,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134366225Z", "kind": "enrichment", "original": "{\"id\":\"961055\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961055/\",\"url\":\"http://89.160.20.156:54461/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23839,7 +23347,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134367100Z", "kind": "enrichment", "original": "{\"id\":\"961056\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961056/\",\"url\":\"http://89.160.20.156:51991/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -23889,7 +23396,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134367930Z", "kind": "enrichment", "original": "{\"id\":\"961057\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961057/\",\"url\":\"http://89.160.20.156:41143/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" 
@@ -23938,7 +23444,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134368746Z", "kind": "enrichment", "original": "{\"id\":\"961054\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961054/\",\"url\":\"http://89.160.20.156:51095/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 17:02:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -23986,7 +23491,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134369567Z", "kind": "enrichment", "original": "{\"id\":\"961053\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961053/\",\"url\":\"http://89.160.20.156:36558/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:52:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24035,7 +23539,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134370477Z", "kind": "enrichment", "original": "{\"id\":\"961050\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961050/\",\"url\":\"http://89.160.20.156:47548/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -24084,7 +23587,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134371294Z", "kind": "enrichment", "original": "{\"id\":\"961051\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961051/\",\"url\":\"http://89.160.20.156:35796/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24133,7 +23635,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134372126Z", "kind": "enrichment", "original": "{\"id\":\"961052\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961052/\",\"url\":\"http://89.160.20.156:42765/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24182,7 +23683,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134372946Z", "kind": "enrichment", "original": "{\"id\":\"961048\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961048/\",\"url\":\"http://89.160.20.156:37388/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:51:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -24231,7 +23731,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134373825Z", "kind": "enrichment", "original": "{\"id\":\"961049\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961049/\",\"url\":\"http://89.160.20.156:56849/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:51:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24280,7 +23779,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134374652Z", "kind": "enrichment", "original": "{\"id\":\"961047\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961047/\",\"url\":\"http://89.160.20.156:35574/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24329,7 +23827,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134375470Z", "kind": "enrichment", "original": "{\"id\":\"961046\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961046/\",\"url\":\"http://89.160.20.156:46947/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:50:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -24378,7 +23875,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134376302Z", "kind": "enrichment", "original": "{\"id\":\"961043\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961043/\",\"url\":\"http://89.160.20.156:34452/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24427,7 +23923,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134377128Z", "kind": "enrichment", "original": "{\"id\":\"961044\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961044/\",\"url\":\"http://89.160.20.156:33017/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24476,7 +23971,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134378082Z", "kind": "enrichment", "original": "{\"id\":\"961045\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961045/\",\"url\":\"http://89.160.20.156:55061/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -24525,7 +24019,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134378900Z", "kind": "enrichment", "original": "{\"id\":\"961040\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961040/\",\"url\":\"http://89.160.20.156:50046/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24574,7 +24067,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134379720Z", "kind": "enrichment", "original": "{\"id\":\"961041\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961041/\",\"url\":\"http://89.160.20.156:51960/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24623,7 +24115,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134380538Z", "kind": "enrichment", "original": "{\"id\":\"961042\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961042/\",\"url\":\"http://89.160.20.156:42372/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -24672,7 +24163,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134381425Z", "kind": "enrichment", "original": "{\"id\":\"961039\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961039/\",\"url\":\"http://89.160.20.156:51592/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:49:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24721,7 +24211,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134382338Z", "kind": "enrichment", "original": "{\"id\":\"961038\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961038/\",\"url\":\"http://89.160.20.156:35585/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:49:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24770,7 +24259,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134383153Z", "kind": "enrichment", "original": "{\"id\":\"961035\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961035/\",\"url\":\"http://89.160.20.156:38398/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:49:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -24819,7 +24307,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134383968Z", "kind": "enrichment", "original": "{\"id\":\"961036\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961036/\",\"url\":\"http://89.160.20.156:59880/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:49:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24868,7 +24355,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134384793Z", "kind": "enrichment", "original": "{\"id\":\"961037\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961037/\",\"url\":\"http://89.160.20.156:39138/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:49:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -24918,7 +24404,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134385800Z", "kind": "enrichment", "original": "{\"id\":\"961033\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961033/\",\"url\":\"http://89.160.20.156:51095/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:40:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" 
@@ -24968,7 +24453,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134386617Z", "kind": "enrichment", "original": "{\"id\":\"961034\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961034/\",\"url\":\"http://89.160.20.156:45117/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:40:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -25016,7 +24500,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134387435Z", "kind": "enrichment", "original": "{\"id\":\"961032\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961032/\",\"url\":\"http://89.160.20.156:50204/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:10 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25065,7 +24548,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134388250Z", "kind": "enrichment", "original": "{\"id\":\"961029\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961029/\",\"url\":\"http://89.160.20.156:45079/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -25114,7 +24596,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134389073Z", "kind": "enrichment", "original": "{\"id\":\"961030\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961030/\",\"url\":\"http://89.160.20.156:52238/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25163,7 +24644,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134390054Z", "kind": "enrichment", "original": "{\"id\":\"961031\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961031/\",\"url\":\"http://89.160.20.156:40312/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25212,7 +24692,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134390933Z", "kind": "enrichment", "original": "{\"id\":\"961026\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961026/\",\"url\":\"http://89.160.20.156:39002/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -25261,7 +24740,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134393131Z", "kind": "enrichment", "original": "{\"id\":\"961027\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961027/\",\"url\":\"http://89.160.20.156:50773/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25310,7 +24788,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134394040Z", "kind": "enrichment", "original": "{\"id\":\"961028\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961028/\",\"url\":\"http://89.160.20.156:50050/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25359,7 +24836,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134395005Z", "kind": "enrichment", "original": "{\"id\":\"961024\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961024/\",\"url\":\"http://89.160.20.156:60081/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -25408,7 +24884,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134395877Z", "kind": "enrichment", "original": "{\"id\":\"961025\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961025/\",\"url\":\"http://89.160.20.156:58177/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:37:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25457,7 +24932,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134396688Z", "kind": "enrichment", "original": "{\"id\":\"961023\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961023/\",\"url\":\"http://89.160.20.156:38589/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:36:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25506,7 +24980,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134397508Z", "kind": "enrichment", "original": "{\"id\":\"961022\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961022/\",\"url\":\"http://89.160.20.156:39229/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:35:25 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -25555,7 +25028,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134398325Z", "kind": "enrichment", "original": "{\"id\":\"961021\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961021/\",\"url\":\"http://89.160.20.156:53595/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:35:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25604,7 +25076,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134399276Z", "kind": "enrichment", "original": "{\"id\":\"961018\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961018/\",\"url\":\"http://89.160.20.156:57279/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25653,7 +25124,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134400142Z", "kind": "enrichment", "original": "{\"id\":\"961019\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961019/\",\"url\":\"http://89.160.20.156:49019/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -25702,7 +25172,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134400977Z", "kind": "enrichment", "original": "{\"id\":\"961020\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961020/\",\"url\":\"http://89.160.20.156:48558/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25751,7 +25220,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134401790Z", "kind": "enrichment", "original": "{\"id\":\"961017\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961017/\",\"url\":\"http://89.160.20.156:58913/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:34:25 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25800,7 +25268,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134402614Z", "kind": "enrichment", "original": "{\"id\":\"961016\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961016/\",\"url\":\"http://89.160.20.156:49608/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:34:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -25850,7 +25317,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134403484Z", "kind": "enrichment", "original": "{\"id\":\"961013\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961013/\",\"url\":\"http://89.160.20.156:41143/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:34:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -25899,7 +25365,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134404353Z", "kind": "enrichment", "original": "{\"id\":\"961014\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961014/\",\"url\":\"http://89.160.20.156:42129/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:34:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -25948,7 +25413,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134405224Z", "kind": "enrichment", "original": "{\"id\":\"961015\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961015/\",\"url\":\"http://89.160.20.156:47403/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:34:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -25997,7 +25461,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134406110Z", "kind": "enrichment", "original": "{\"id\":\"961011\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961011/\",\"url\":\"http://89.160.20.156:60187/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:34:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26046,7 +25509,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134407036Z", "kind": "enrichment", "original": "{\"id\":\"961012\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961012/\",\"url\":\"http://89.160.20.156:46097/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:34:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26096,7 +25558,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134407904Z", "kind": "enrichment", "original": "{\"id\":\"961010\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961010/\",\"url\":\"http://89.160.20.156:50771/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:31:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" 
@@ -26144,7 +25605,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134408779Z", "kind": "enrichment", "original": "{\"id\":\"961009\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961009/\",\"url\":\"https://pastebin.com/raw/00aUJCLx\",\"url_status\":\"offline\",\"host\":\"pastebin.com\",\"date_added\":\"2021-01-14 16:29:03 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"pmelson\",\"larted\":\"false\",\"tags\":[\"ASPXShell\",\"webshell\"]}", "type": "indicator" @@ -26191,7 +25651,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134409599Z", "kind": "enrichment", "original": "{\"id\":\"961008\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961008/\",\"url\":\"http://89.160.20.156:45117/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:25:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -26240,7 +25699,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134410489Z", "kind": "enrichment", "original": "{\"id\":\"961007\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961007/\",\"url\":\"http://89.160.20.156:41485/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:22:16 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -26289,7 +25747,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134411380Z", "kind": "enrichment", "original": "{\"id\":\"961006\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961006/\",\"url\":\"http://89.160.20.156:43851/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:22:15 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26338,7 +25795,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134412197Z", "kind": "enrichment", "original": "{\"id\":\"961005\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961005/\",\"url\":\"http://89.160.20.156:37095/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:22:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26387,7 +25843,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134413018Z", "kind": "enrichment", "original": "{\"id\":\"961004\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961004/\",\"url\":\"http://89.160.20.156:59275/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:22:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -26436,7 +25891,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134413834Z", "kind": "enrichment", "original": "{\"id\":\"961002\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961002/\",\"url\":\"http://89.160.20.156:46131/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:22:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26485,7 +25939,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134414755Z", "kind": "enrichment", "original": "{\"id\":\"961003\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961003/\",\"url\":\"http://89.160.20.156:40129/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:22:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26534,7 +25987,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134415583Z", "kind": "enrichment", "original": "{\"id\":\"961000\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961000/\",\"url\":\"http://89.160.20.156:43924/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:21:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -26584,7 +26036,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134416400Z", "kind": "enrichment", "original": "{\"id\":\"961001\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/961001/\",\"url\":\"http://89.160.20.156:38851/i\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:21:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -26632,7 +26083,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134417568Z", "kind": "enrichment", "original": "{\"id\":\"960996\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960996/\",\"url\":\"http://89.160.20.156:33008/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26681,7 +26131,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134418811Z", "kind": "enrichment", "original": "{\"id\":\"960997\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960997/\",\"url\":\"http://89.160.20.156:60201/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -26730,7 +26179,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134419707Z", "kind": "enrichment", "original": "{\"id\":\"960998\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960998/\",\"url\":\"http://89.160.20.156:41479/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26779,7 +26227,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134420753Z", "kind": "enrichment", "original": "{\"id\":\"960999\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960999/\",\"url\":\"http://89.160.20.156:52003/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:21:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26828,7 +26275,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134421591Z", "kind": "enrichment", "original": "{\"id\":\"960995\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960995/\",\"url\":\"http://89.160.20.156:39500/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:16 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -26877,7 +26323,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134422403Z", "kind": "enrichment", "original": "{\"id\":\"960994\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960994/\",\"url\":\"http://89.160.20.156:36966/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26926,7 +26371,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134423224Z", "kind": "enrichment", "original": "{\"id\":\"960991\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960991/\",\"url\":\"http://89.160.20.156:59875/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -26975,7 +26419,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134424202Z", "kind": "enrichment", "original": "{\"id\":\"960992\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960992/\",\"url\":\"http://89.160.20.156:44123/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -27024,7 +26467,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134425015Z", "kind": "enrichment", "original": "{\"id\":\"960993\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960993/\",\"url\":\"http://89.160.20.156:45224/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27073,7 +26515,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134425842Z", "kind": "enrichment", "original": "{\"id\":\"960990\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960990/\",\"url\":\"http://89.160.20.156:43105/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27122,7 +26563,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134426648Z", "kind": "enrichment", "original": "{\"id\":\"960984\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960984/\",\"url\":\"http://89.160.20.156:46011/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -27171,7 +26611,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134427467Z", "kind": "enrichment", "original": "{\"id\":\"960985\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960985/\",\"url\":\"http://89.160.20.156:51170/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27220,7 +26659,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134428342Z", "kind": "enrichment", "original": "{\"id\":\"960986\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960986/\",\"url\":\"http://89.160.20.156:38025/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27269,7 +26707,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134429160Z", "kind": "enrichment", "original": "{\"id\":\"960987\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960987/\",\"url\":\"http://89.160.20.156:54132/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -27318,7 +26755,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134429972Z", "kind": "enrichment", "original": "{\"id\":\"960988\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960988/\",\"url\":\"http://89.160.20.156:57705/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27367,7 +26803,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134430785Z", "kind": "enrichment", "original": "{\"id\":\"960989\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960989/\",\"url\":\"http://89.160.20.156:32983/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:20:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27416,7 +26851,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134431711Z", "kind": "enrichment", "original": "{\"id\":\"960983\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960983/\",\"url\":\"http://89.160.20.156:47908/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:19:13 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -27465,7 +26899,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134432578Z", "kind": "enrichment", "original": "{\"id\":\"960982\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960982/\",\"url\":\"http://89.160.20.156:35116/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:19:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27514,7 +26947,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134433412Z", "kind": "enrichment", "original": "{\"id\":\"960978\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960978/\",\"url\":\"http://89.160.20.156:38070/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27563,7 +26995,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134434227Z", "kind": "enrichment", "original": "{\"id\":\"960979\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960979/\",\"url\":\"http://89.160.20.156:53399/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -27612,7 +27043,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134435047Z", "kind": "enrichment", "original": "{\"id\":\"960980\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960980/\",\"url\":\"http://89.160.20.156:39529/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27661,7 +27091,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134435974Z", "kind": "enrichment", "original": "{\"id\":\"960981\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960981/\",\"url\":\"http://89.160.20.156:33465/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:19:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27710,7 +27139,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134436812Z", "kind": "enrichment", "original": "{\"id\":\"960977\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960977/\",\"url\":\"http://89.160.20.156:59085/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:16:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"07ac0n\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -27760,7 +27188,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134437650Z", "kind": "enrichment", "original": "{\"id\":\"960976\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960976/\",\"url\":\"http://89.160.20.156:33799/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:09:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -27808,7 +27235,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134438464Z", "kind": "enrichment", "original": "{\"id\":\"960972\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960972/\",\"url\":\"http://89.160.20.156:40430/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:07:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27857,7 +27283,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134439355Z", "kind": "enrichment", "original": "{\"id\":\"960973\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960973/\",\"url\":\"http://89.160.20.156:43006/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:07:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -27906,7 +27331,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134440228Z", "kind": "enrichment", "original": "{\"id\":\"960974\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960974/\",\"url\":\"http://89.160.20.156:33385/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:07:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -27955,7 +27379,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134441051Z", "kind": "enrichment", "original": "{\"id\":\"960975\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960975/\",\"url\":\"http://89.160.20.156:56649/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:07:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28004,7 +27427,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134441879Z", "kind": "enrichment", "original": "{\"id\":\"960971\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960971/\",\"url\":\"http://89.160.20.156:55457/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:07:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -28053,7 +27475,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134442698Z", "kind": "enrichment", "original": "{\"id\":\"960968\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960968/\",\"url\":\"http://89.160.20.156:52314/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28102,7 +27523,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134443521Z", "kind": "enrichment", "original": "{\"id\":\"960969\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960969/\",\"url\":\"http://89.160.20.156:41985/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28152,7 +27572,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134444351Z", "kind": "enrichment", "original": "{\"id\":\"960970\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960970/\",\"url\":\"http://89.160.20.156:53197/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:07:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" 
@@ -28200,7 +27619,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134445165Z", "kind": "enrichment", "original": "{\"id\":\"960967\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960967/\",\"url\":\"http://89.160.20.156:54472/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:06:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28249,7 +27667,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134445984Z", "kind": "enrichment", "original": "{\"id\":\"960966\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960966/\",\"url\":\"http://89.160.20.156:38100/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:06:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28298,7 +27715,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134446806Z", "kind": "enrichment", "original": "{\"id\":\"960964\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960964/\",\"url\":\"http://89.160.20.156:33121/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -28347,7 +27763,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134447675Z", "kind": "enrichment", "original": "{\"id\":\"960965\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960965/\",\"url\":\"http://89.160.20.156:39363/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:06:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28396,7 +27811,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134448712Z", "kind": "enrichment", "original": "{\"id\":\"960961\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960961/\",\"url\":\"http://89.160.20.156:42844/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28445,7 +27859,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134449573Z", "kind": "enrichment", "original": "{\"id\":\"960962\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960962/\",\"url\":\"http://89.160.20.156:45789/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -28494,7 +27907,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134450396Z", "kind": "enrichment", "original": "{\"id\":\"960963\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960963/\",\"url\":\"http://89.160.20.156:34080/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:06:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28543,7 +27955,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134451245Z", "kind": "enrichment", "original": "{\"id\":\"960960\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960960/\",\"url\":\"http://89.160.20.156:56067/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:05:11 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28592,7 +28003,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134452059Z", "kind": "enrichment", "original": "{\"id\":\"960959\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960959/\",\"url\":\"http://89.160.20.156:34205/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:05:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -28641,7 +28051,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134452873Z", "kind": "enrichment", "original": "{\"id\":\"960957\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960957/\",\"url\":\"http://89.160.20.156:53239/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:05:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28690,7 +28099,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134453688Z", "kind": "enrichment", "original": "{\"id\":\"960958\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960958/\",\"url\":\"http://89.160.20.156:53868/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:05:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28739,7 +28147,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134454512Z", "kind": "enrichment", "original": "{\"id\":\"960955\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960955/\",\"url\":\"http://89.160.20.156:39724/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -28788,7 +28195,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134455432Z", "kind": "enrichment", "original": "{\"id\":\"960956\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960956/\",\"url\":\"http://89.160.20.156:60804/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:05:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28837,7 +28243,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134456246Z", "kind": "enrichment", "original": "{\"id\":\"960953\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960953/\",\"url\":\"http://89.160.20.156:51949/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28886,7 +28291,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134457061Z", "kind": "enrichment", "original": "{\"id\":\"960954\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960954/\",\"url\":\"http://89.160.20.156:48224/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:05:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -28935,7 +28339,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134457875Z", "kind": "enrichment", "original": "{\"id\":\"960952\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960952/\",\"url\":\"http://89.160.20.156:37716/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:04:10 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -28984,7 +28387,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134458812Z", "kind": "enrichment", "original": "{\"id\":\"960951\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960951/\",\"url\":\"http://89.160.20.156:60524/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:04:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29034,7 +28436,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134459805Z", "kind": "enrichment", "original": "{\"id\":\"960946\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960946/\",\"url\":\"http://urlfrance.fr/code/dd.txt\",\"url_status\":\"offline\",\"host\":\"urlfrance.fr\",\"date_added\":\"2021-01-14 16:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"abused_legit_malware\",\"surbl\":\"not listed\"},\"reporter\":\"abuse_ch\",\"larted\":\"true\",\"tags\":[\"Encoded\",\"njRAT\",\"rat\"]}", "type": "indicator" 
@@ -29082,7 +28483,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134462013Z", "kind": "enrichment", "original": "{\"id\":\"960947\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960947/\",\"url\":\"http://89.160.20.156:49988/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -29131,7 +28531,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134462955Z", "kind": "enrichment", "original": "{\"id\":\"960948\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960948/\",\"url\":\"http://89.160.20.156:42857/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29181,7 +28580,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134463774Z", "kind": "enrichment", "original": "{\"id\":\"960949\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960949/\",\"url\":\"http://89.160.20.156:44751/bin.sh\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" 
@@ -29230,7 +28628,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134464757Z", "kind": "enrichment", "original": "{\"id\":\"960950\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960950/\",\"url\":\"http://89.160.20.156:47719/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 16:04:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29279,7 +28676,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134465570Z", "kind": "enrichment", "original": "{\"id\":\"960945\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960945/\",\"url\":\"http://89.160.20.156:38133/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:59:12 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"07ac0n\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29328,7 +28724,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134466433Z", "kind": "enrichment", "original": "{\"id\":\"960944\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960944/\",\"url\":\"http://www.sowetoson.com/new/Host_yjwloaz52.bin\",\"url_status\":\"online\",\"host\":\"www.sowetoson.com\",\"date_added\":\"2021-01-14 15:57:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"abused_legit_malware\",\"surbl\":\"not listed\"},\"reporter\":\"abuse_ch\",\"larted\":\"true\",\"tags\":[\"encrypted\",\"GuLoader\"]}", "type": "indicator" 
@@ -29375,7 +28770,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134467252Z", "kind": "enrichment", "original": "{\"id\":\"960942\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960942/\",\"url\":\"https://www.agamagroup.com.ng/zxc/janomo_uGdNtpvRY170.bin\",\"url_status\":\"online\",\"host\":\"www.agamagroup.com.ng\",\"date_added\":\"2021-01-14 15:57:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"abused_legit_malware\",\"surbl\":\"not listed\"},\"reporter\":\"abuse_ch\",\"larted\":\"true\",\"tags\":[\"encrypted\",\"GuLoader\"]}", "type": "indicator" @@ -29422,7 +28816,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134468185Z", "kind": "enrichment", "original": "{\"id\":\"960943\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960943/\",\"url\":\"https://onedrive.live.com/download?cid=8FE9EB3F9398B325\u0026resid=8FE9EB3F9398B325%21126\u0026authkey=AOzL9FiDhEYRkm8\",\"url_status\":\"online\",\"host\":\"onedrive.live.com\",\"date_added\":\"2021-01-14 15:57:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"abuse_ch\",\"larted\":\"true\",\"tags\":[\"encrypted\",\"GuLoader\"]}", "type": "indicator" @@ -29469,7 +28862,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134469030Z", "kind": "enrichment", "original": "{\"id\":\"960941\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960941/\",\"url\":\"http://89.160.20.156:46462/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:52:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -29518,7 +28910,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134469857Z", "kind": "enrichment", "original": "{\"id\":\"960940\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960940/\",\"url\":\"http://89.160.20.156:39046/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:52:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29567,7 +28958,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134470670Z", "kind": "enrichment", "original": "{\"id\":\"960934\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960934/\",\"url\":\"http://89.160.20.156:47418/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29616,7 +29006,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134471480Z", "kind": "enrichment", "original": "{\"id\":\"960935\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960935/\",\"url\":\"http://89.160.20.156:42287/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -29665,7 +29054,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134472395Z", "kind": "enrichment", "original": "{\"id\":\"960936\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960936/\",\"url\":\"http://89.160.20.156:49596/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29714,7 +29102,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134473231Z", "kind": "enrichment", "original": "{\"id\":\"960937\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960937/\",\"url\":\"http://89.160.20.156:39815/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29763,7 +29150,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134474044Z", "kind": "enrichment", "original": "{\"id\":\"960938\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960938/\",\"url\":\"http://89.160.20.156:36568/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -29812,7 +29198,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134474859Z", "kind": "enrichment", "original": "{\"id\":\"960939\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960939/\",\"url\":\"http://89.160.20.156:32954/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:52:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29861,7 +29246,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134475783Z", "kind": "enrichment", "original": "{\"id\":\"960933\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960933/\",\"url\":\"http://89.160.20.156:57752/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:51:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -29910,7 +29294,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134476759Z", "kind": "enrichment", "original": "{\"id\":\"960932\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960932/\",\"url\":\"http://89.160.20.156:52221/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:51:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -29959,7 +29342,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134477601Z", "kind": "enrichment", "original": "{\"id\":\"960931\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960931/\",\"url\":\"http://89.160.20.156:58493/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:40 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30008,7 +29390,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134478419Z", "kind": "enrichment", "original": "{\"id\":\"960930\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960930/\",\"url\":\"http://89.160.20.156:57603/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:14 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30057,7 +29438,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134479235Z", "kind": "enrichment", "original": "{\"id\":\"960929\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960929/\",\"url\":\"http://89.160.20.156:45439/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:13 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -30106,7 +29486,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134480054Z", "kind": "enrichment", "original": "{\"id\":\"960928\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960928/\",\"url\":\"http://89.160.20.156:58291/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:08 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30155,7 +29534,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134480870Z", "kind": "enrichment", "original": "{\"id\":\"960927\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960927/\",\"url\":\"http://89.160.20.156:52785/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30204,7 +29582,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134481703Z", "kind": "enrichment", "original": "{\"id\":\"960924\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960924/\",\"url\":\"http://89.160.20.156:38582/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -30253,7 +29630,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134482518Z", "kind": "enrichment", "original": "{\"id\":\"960925\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960925/\",\"url\":\"http://89.160.20.156:39503/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30302,7 +29678,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134483399Z", "kind": "enrichment", "original": "{\"id\":\"960926\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960926/\",\"url\":\"http://89.160.20.156:53018/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30351,7 +29726,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134484305Z", "kind": "enrichment", "original": "{\"id\":\"960923\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960923/\",\"url\":\"http://89.160.20.156:40698/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:50:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -30400,7 +29774,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134485119Z", "kind": "enrichment", "original": "{\"id\":\"960922\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960922/\",\"url\":\"http://89.160.20.156:50060/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:49:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30449,7 +29822,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134485957Z", "kind": "enrichment", "original": "{\"id\":\"960921\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960921/\",\"url\":\"http://89.160.20.156:47874/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:49:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30499,7 +29871,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134486780Z", "kind": "enrichment", "original": "{\"id\":\"960919\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960919/\",\"url\":\"http://perezluzwsdycafeyzmn.dns.navy/perdoc/regasm.exe\",\"url_status\":\"online\",\"host\":\"perezluzwsdycafeyzmn.dns.navy\",\"date_added\":\"2021-01-14 15:46:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"listed\"},\"reporter\":\"abuse_ch\",\"larted\":\"true\",\"tags\":[\"exe\",\"Loki\",\"opendir\"]}", "type": "indicator" 
@@ -30547,7 +29918,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134487668Z", "kind": "enrichment", "original": "{\"id\":\"960920\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960920/\",\"url\":\"http://89.160.20.156:33799/bin.sh\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:46:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"arm\",\"elf\"]}", "type": "indicator" @@ -30596,7 +29966,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134488483Z", "kind": "enrichment", "original": "{\"id\":\"960918\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960918/\",\"url\":\"http://kalamikwsdyonlinedws.dns.navy/kaladoc/vbc.exe\",\"url_status\":\"online\",\"host\":\"kalamikwsdyonlinedws.dns.navy\",\"date_added\":\"2021-01-14 15:45:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"listed\"},\"reporter\":\"abuse_ch\",\"larted\":\"true\",\"tags\":[\"AgentTesla\",\"exe\"]}", "type": "indicator" @@ -30643,7 +30012,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134489298Z", "kind": "enrichment", "original": "{\"id\":\"960917\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960917/\",\"url\":\"http://89.160.20.156/js/js/lokkk.jpg\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:45:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"abuse_ch\",\"larted\":\"true\",\"tags\":[\"exe\",\"Loki\"]}", "type": "indicator" 
@@ -30691,7 +30059,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134490117Z", "kind": "enrichment", "original": "{\"id\":\"960916\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960916/\",\"url\":\"http://89.160.20.156:33201/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:38:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30740,7 +30107,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134490940Z", "kind": "enrichment", "original": "{\"id\":\"960914\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960914/\",\"url\":\"http://89.160.20.156:53926/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:38:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30789,7 +30155,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134491813Z", "kind": "enrichment", "original": "{\"id\":\"960915\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960915/\",\"url\":\"http://89.160.20.156:43917/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:38:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -30838,7 +30203,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134492634Z", "kind": "enrichment", "original": "{\"id\":\"960911\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960911/\",\"url\":\"http://89.160.20.156:42053/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:38:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30887,7 +30251,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134493460Z", "kind": "enrichment", "original": "{\"id\":\"960912\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960912/\",\"url\":\"http://89.160.20.156:57875/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:38:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -30936,7 +30299,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134494284Z", "kind": "enrichment", "original": "{\"id\":\"960913\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960913/\",\"url\":\"http://89.160.20.156:35523/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:38:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -30986,7 +30348,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134495208Z", "kind": "enrichment", "original": "{\"id\":\"960910\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960910/\",\"url\":\"http://89.160.20.156:47418/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:38:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -31034,7 +30395,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134496024Z", "kind": "enrichment", "original": "{\"id\":\"960908\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960908/\",\"url\":\"http://89.160.20.156:53007/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:37:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31083,7 +30443,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134496845Z", "kind": "enrichment", "original": "{\"id\":\"960909\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960909/\",\"url\":\"http://89.160.20.156:38089/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:37:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -31132,7 +30491,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134497672Z", "kind": "enrichment", "original": "{\"id\":\"960904\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960904/\",\"url\":\"http://89.160.20.156:35243/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:37:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31181,7 +30539,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134498493Z", "kind": "enrichment", "original": "{\"id\":\"960905\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960905/\",\"url\":\"http://89.160.20.156:50589/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:37:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31230,7 +30587,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134499428Z", "kind": "enrichment", "original": "{\"id\":\"960906\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960906/\",\"url\":\"http://89.160.20.156:42479/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:37:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -31279,7 +30635,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134500249Z", "kind": "enrichment", "original": "{\"id\":\"960907\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960907/\",\"url\":\"http://89.160.20.156:43425/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:37:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31328,7 +30683,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134501084Z", "kind": "enrichment", "original": "{\"id\":\"960903\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960903/\",\"url\":\"http://89.160.20.156:35013/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:36:28 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31377,7 +30731,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134501904Z", "kind": "enrichment", "original": "{\"id\":\"960902\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960902/\",\"url\":\"http://89.160.20.156:35298/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:11 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -31426,7 +30779,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134502790Z", "kind": "enrichment", "original": "{\"id\":\"960900\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960900/\",\"url\":\"http://89.160.20.156:54174/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31475,7 +30827,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134503662Z", "kind": "enrichment", "original": "{\"id\":\"960901\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960901/\",\"url\":\"http://89.160.20.156:42768/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:09 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31524,7 +30875,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134504481Z", "kind": "enrichment", "original": "{\"id\":\"960898\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960898/\",\"url\":\"http://89.160.20.156:59110/Mozi.a\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -31573,7 +30923,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134505325Z", "kind": "enrichment", "original": "{\"id\":\"960899\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960899/\",\"url\":\"http://89.160.20.156:51476/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31622,7 +30971,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134506146Z", "kind": "enrichment", "original": "{\"id\":\"960897\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960897/\",\"url\":\"http://89.160.20.156:58839/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31671,7 +31019,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134507091Z", "kind": "enrichment", "original": "{\"id\":\"960894\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960894/\",\"url\":\"http://89.160.20.156:50249/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -31720,7 +31067,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134507915Z", "kind": "enrichment", "original": "{\"id\":\"960895\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960895/\",\"url\":\"http://89.160.20.156:46173/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31769,7 +31115,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134508737Z", "kind": "enrichment", "original": "{\"id\":\"960896\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960896/\",\"url\":\"http://89.160.20.156:43785/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:35:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31818,7 +31163,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134509579Z", "kind": "enrichment", "original": "{\"id\":\"960893\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960893/\",\"url\":\"http://89.160.20.156:46924/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:34:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -31867,7 +31211,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134510475Z", "kind": "enrichment", "original": "{\"id\":\"960892\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960892/\",\"url\":\"http://89.160.20.156:59734/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:34:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31916,7 +31259,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134511347Z", "kind": "enrichment", "original": "{\"id\":\"960889\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960889/\",\"url\":\"http://89.160.20.156:51620/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -31965,7 +31307,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134512228Z", "kind": "enrichment", "original": "{\"id\":\"960890\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960890/\",\"url\":\"http://89.160.20.156:42585/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -32014,7 +31355,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134513051Z", "kind": "enrichment", "original": "{\"id\":\"960891\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960891/\",\"url\":\"http://89.160.20.156:57941/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:34:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -32064,7 +31404,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134513883Z", "kind": "enrichment", "original": "{\"id\":\"960888\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960888/\",\"url\":\"http://89.160.20.156:38308/i\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:32:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"geenensp\",\"larted\":\"true\",\"tags\":[\"32-bit\",\"elf\",\"mips\"]}", "type": "indicator" @@ -32112,7 +31451,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134514817Z", "kind": "enrichment", "original": "{\"id\":\"960887\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960887/\",\"url\":\"http://89.160.20.156:55281/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:22:44 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -32161,7 +31499,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134516986Z", "kind": "enrichment", "original": "{\"id\":\"960886\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960886/\",\"url\":\"http://89.160.20.156:57662/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:22:07 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -32210,7 +31547,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134517860Z", "kind": "enrichment", "original": "{\"id\":\"960885\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960885/\",\"url\":\"http://89.160.20.156:40738/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:22:06 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -32259,7 +31595,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134518681Z", "kind": "enrichment", "original": "{\"id\":\"960884\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960884/\",\"url\":\"http://89.160.20.156:59018/Mozi.m\",\"url_status\":\"offline\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:22:05 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -32308,7 +31643,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134519550Z", "kind": "enrichment", "original": "{\"id\":\"960880\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960880/\",\"url\":\"http://89.160.20.156:60279/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -32357,7 +31691,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134520407Z", "kind": "enrichment", "original": "{\"id\":\"960881\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960881/\",\"url\":\"http://89.160.20.156:52738/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -32406,7 +31739,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134521258Z", "kind": "enrichment", "original": "{\"id\":\"960882\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960882/\",\"url\":\"http://89.160.20.156:37394/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" 
@@ -32455,7 +31787,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134522070Z", "kind": "enrichment", "original": "{\"id\":\"960883\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960883/\",\"url\":\"http://89.160.20.156:56491/Mozi.m\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:22:04 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" @@ -32504,7 +31835,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:54:34.134522888Z", "kind": "enrichment", "original": "{\"id\":\"960879\",\"urlhaus_reference\":\"https://urlhaus.abuse.ch/url/960879/\",\"url\":\"http://89.160.20.156:46067/Mozi.a\",\"url_status\":\"online\",\"host\":\"89.160.20.156\",\"date_added\":\"2021-01-14 15:20:19 UTC\",\"threat\":\"malware_download\",\"blacklists\":{\"spamhaus_dbl\":\"not listed\",\"surbl\":\"not listed\"},\"reporter\":\"lrz_urlhaus\",\"larted\":\"true\",\"tags\":[\"elf\",\"Mozi\"]}", "type": "indicator" diff --git a/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml b/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml index 1fca5c4235e..1765d7608ae 100644 --- a/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_abusech/data_stream/url/elasticsearch/ingest_pipeline/default.yml @@ -4,9 +4,6 @@ processors: #################### # Event ECS fields # #################### - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version value: "8.0.0" diff --git a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json index f6a1eba63a4..1ad4d4e3895 100644 
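Review bot: With the `set` processor for `event.ingested` removed from `ti_abusech/data_stream/url/.../default.yml`, nothing visible in this pipeline stamps the ingest time any more, so the field presumably now comes from Fleet's final pipeline. That dependency is worth recording where the processor used to sit, e.g. `# event.ingested is set by the Fleet final pipeline, not by this pipeline`. Indicator-match rules and ingest-lag checks on threat-intel data commonly key on `event.ingested`, so documents that reach an index without the final pipeline attached would lack it with no error. Separately, the unchanged context line still sets `ecs.version` to `"8.0.0"`; if this commit belongs to the ECS 8.2 series, that looks stale and would read `value: "8.2.0"`. The `processors:` list continues outside the hunk, so a later processor may already cover either point.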
--- a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json +++ b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json @@ -25,7 +25,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399956690Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:57.431Z\",\"description\":\"TS ID: 55241332361; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--44c85d4f-45ca-4977-b693-c810bbfb7a28\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T02:58:57.431Z\",\"name\":\"mal_url: http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:57.431Z\"}", "type": "indicator" @@ -77,7 +76,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399959745Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:57.503Z\",\"description\":\"TS ID: 55241332307; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--f9fe5c81-6869-4247-af81-62b7c8aba209\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-22T02:58:57.503Z\",\"name\":\"mal_url: http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:57.503Z\"}", "type": "indicator" 
@@ -129,7 +127,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399960717Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:57.57Z\",\"description\":\"TS ID: 55241332302; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--b0e14122-9005-4776-99fc-00872476c6d1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-01-22T02:58:57.57Z\",\"name\":\"mal_url: http://f0387770.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387770.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:57.57Z\"}", "type": "indicator" @@ -180,7 +177,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399961618Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:59.366Z\",\"description\":\"TS ID: 55241332312; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime\",\"id\":\"indicator--111ec76f-616d-4aa8-80fd-e11ef0066aba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-50\"],\"modified\":\"2020-01-22T02:58:59.366Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:59.366Z\"}", "type": "indicator" 
@@ -231,7 +227,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399962875Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:58:59.457Z\",\"description\":\"TS ID: 55241332386; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--189ce776-6d7e-4e85-9222-de5876644988\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-66\"],\"modified\":\"2020-01-22T02:58:59.457Z\",\"name\":\"mal_url: http://appareluea.com/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://appareluea.com/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:58:59.457Z\"}", "type": "indicator" @@ -283,7 +278,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399963776Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:06.402Z\",\"description\":\"TS ID: 55241332391; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--a4144d34-b86d-475e-8047-eb46b48ee325\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-22T02:59:06.402Z\",\"name\":\"mal_url: http://nkpotu.xyz/Kpot3/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nkpotu.xyz/Kpot3/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:06.402Z\"}", "type": "indicator" 
@@ -335,7 +329,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399964598Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:19.99Z\",\"description\":\"TS ID: 55241332372; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime\",\"id\":\"indicator--983d9c3d-b7f8-4345-b643-b1d18e6ac6b2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-49\"],\"modified\":\"2020-01-22T02:59:19.99Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:19.99Z\"}", "type": "indicator" @@ -380,7 +373,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399965397Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:20.155Z\",\"description\":\"TS ID: 55241332313; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--f9c6386b-dba2-41f9-8160-d307671e5c8e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-01-22T02:59:20.155Z\",\"name\":\"mal_url: http://ntrcgroup.com/nze/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ntrcgroup.com/nze/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:20.155Z\"}", "type": "indicator" 
@@ -432,7 +424,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399966143Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:25.521Z\",\"description\":\"TS ID: 55241332350; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--98fad53e-5389-47f7-a3ff-44d334af2d6b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T02:59:25.521Z\",\"name\":\"mal_url: http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:25.521Z\"}", "type": "indicator" @@ -484,7 +475,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399967026Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:25.626Z\",\"description\":\"TS ID: 55241332291; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--76c01735-fb76-463d-9609-9ea3aedf3f4f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-22T02:59:25.626Z\",\"name\":\"mal_url: http://f0390764.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0390764.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:25.626Z\"}", "type": "indicator" 
@@ -535,7 +525,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399967806Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:36.461Z\",\"description\":\"TS ID: 55241332343; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--e0a812dc-63c8-4949-b038-2241b2dbfcdc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-01-22T02:59:36.461Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:36.461Z\"}", "type": "indicator" @@ -580,7 +569,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399968768Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:41.193Z\",\"description\":\"TS ID: 55241332316; iType: mal_url; State: active; Org: Sksa Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--6f0d8607-21cb-4738-9712-f4fd91a37f7d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-22T02:59:41.193Z\",\"name\":\"mal_url: http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:41.193Z\"}", "type": "indicator" 
@@ -632,7 +620,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399969723Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:41.228Z\",\"description\":\"TS ID: 55241332284; iType: mal_url; State: active; Org: Oltelecom Jsc; Source: CyberCrime\",\"id\":\"indicator--c649d6d4-87c4-4b76-bfc2-75a509ccb187\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-01-22T02:59:41.228Z\",\"name\":\"mal_url: http://89.160.20.156/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:41.228Z\"}", "type": "indicator" @@ -683,7 +670,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399970520Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:51.313Z\",\"description\":\"TS ID: 55241332337; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--408ebd2d-063f-4646-b2e7-c00519869736\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-01-22T02:59:51.313Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:51.313Z\"}", "type": "indicator" 
@@ -728,7 +714,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399971318Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:51.372Z\",\"description\":\"TS ID: 55241332324; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--e1d215cb-c7a5-40e0-bc53-8f92a2bcaba8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-38\"],\"modified\":\"2020-01-22T02:59:51.372Z\",\"name\":\"mal_ip: 192.168.119.172\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '192.168.119.172']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:51.372Z\"}", "type": "indicator" @@ -773,7 +758,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399972115Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T02:59:51.442Z\",\"description\":\"TS ID: 55241332296; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--6f3a4a2b-62e3-48ef-94ae-70103f09cf7e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-01-22T02:59:51.442Z\",\"name\":\"mal_url: http://f0389246.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0389246.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T02:59:51.442Z\"}", "type": "indicator" 
@@ -824,7 +808,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399972994Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:01.563Z\",\"description\":\"TS ID: 55241332400; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--213519c9-f511-4188-89c8-159f35f08008\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-66\"],\"modified\":\"2020-01-22T03:00:01.563Z\",\"name\":\"mal_url: http://appareluea.com/server/cp.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://appareluea.com/server/cp.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:01.563Z\"}", "type": "indicator" @@ -876,7 +859,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399973786Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:03.138Z\",\"description\":\"TS ID: 55241332396; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--5a563c85-c528-4e33-babe-2dcff34f73c4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-22T03:00:03.138Z\",\"name\":\"mal_url: http://nkpotu.xyz/Kpot2/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nkpotu.xyz/Kpot2/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:03.138Z\"}", "type": "indicator" 
@@ -928,7 +910,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399974575Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:03.396Z\",\"description\":\"TS ID: 55241332363; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--f3e33aab-e2af-4c15-8cb9-f008a37cf986\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T03:00:03.396Z\",\"name\":\"mal_url: http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:03.396Z\"}", "type": "indicator" @@ -980,7 +961,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399975317Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:03.642Z\",\"description\":\"TS ID: 55241332320; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--f03f098d-2fa9-49e1-a7dd-02518aa105fa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-22T03:00:03.642Z\",\"name\":\"mal_url: http://mecharnise.ir/ca4/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mecharnise.ir/ca4/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:03.642Z\"}", "type": "indicator" 
@@ -1032,7 +1012,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399976104Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:27.534Z\",\"description\":\"TS ID: 55241332367; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--e72e3ba0-7de5-46bb-ab1e-efdf3e0a0b3b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T03:00:27.534Z\",\"name\":\"mal_url: http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:27.534Z\"}", "type": "indicator" @@ -1084,7 +1063,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399976944Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:27.591Z\",\"description\":\"TS ID: 55241332317; iType: mal_url; State: active; Org: SoftLayer Technologies; Source: CyberCrime\",\"id\":\"indicator--d6b59b66-5020-4368-85a7-196026856ea9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-78\"],\"modified\":\"2020-01-22T03:00:27.591Z\",\"name\":\"mal_url: http://kironofer.com/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kironofer.com/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:27.591Z\"}", "type": "indicator" 
@@ -1136,7 +1114,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399977687Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:45.787Z\",\"description\":\"TS ID: 55241332309; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--aff7b07f-acc7-4bec-ab19-1fce972bfd09\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-22T03:00:45.787Z\",\"name\":\"mal_url: http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:45.787Z\"}", "type": "indicator" @@ -1188,7 +1165,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399978712Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:45.841Z\",\"description\":\"TS ID: 55241332286; iType: mal_url; State: active; Org: Garanntor-Hosting; Source: CyberCrime\",\"id\":\"indicator--ba71ba3a-1efd-40da-ab0d-f4397d6fc337\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-22T03:00:45.841Z\",\"name\":\"mal_url: http://smartlinktelecom.top/kings/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://smartlinktelecom.top/kings/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:45.841Z\"}", "type": "indicator" 
@@ -1240,7 +1216,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399979511Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:45.959Z\",\"description\":\"TS ID: 55241332339; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--17777e7f-3e91-4446-a43d-79139de8a948\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-01-22T03:00:45.959Z\",\"name\":\"mal_url: http://carirero.net/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://carirero.net/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:45.959Z\"}", "type": "indicator" @@ -1292,7 +1267,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399980257Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:46.025Z\",\"description\":\"TS ID: 55241332319; iType: mal_ip; State: active; Org: SoftLayer Technologies; Source: CyberCrime\",\"id\":\"indicator--f6be1804-cfe4-4f41-9338-2b65f5b1dda1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-30\"],\"modified\":\"2020-01-22T03:00:46.025Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:46.025Z\"}", "type": "indicator" 
@@ -1337,7 +1311,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399981115Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:00:57.729Z\",\"description\":\"TS ID: 55241332305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--b4fd8489-9589-4f70-996c-84989245a21b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-43\"],\"modified\":\"2020-01-22T03:00:57.729Z\",\"name\":\"mal_url: http://tuu.nu/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tuu.nu/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:00:57.729Z\"}", "type": "indicator" @@ -1388,7 +1361,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399981965Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:02.696Z\",\"description\":\"TS ID: 55241332346; iType: mal_url; State: active; Org: Ifx Networks Colombia; Source: CyberCrime\",\"id\":\"indicator--bc50c62f-a015-4460-87df-2137626877e3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-36\"],\"modified\":\"2020-01-22T03:01:02.696Z\",\"name\":\"mal_url: http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:02.696Z\"}", "type": "indicator" 
@@ -1440,7 +1412,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399982769Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:02.807Z\",\"description\":\"TS ID: 55241332323; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--2765af4b-bfb7-4ac8-82d2-ab6ed8a52461\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-01-22T03:01:02.807Z\",\"name\":\"mal_url: http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:02.807Z\"}", "type": "indicator" @@ -1492,7 +1463,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399983511Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:24.81Z\",\"description\":\"TS ID: 55241332399; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--9c0e63a1-c32a-470a-bf09-51488e239c63\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-22T03:01:24.81Z\",\"name\":\"mal_url: http://nkpotu.xyz/Kpot1/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nkpotu.xyz/Kpot1/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:24.81Z\"}", "type": "indicator" 
@@ -1544,7 +1514,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399984329Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:41.158Z\",\"description\":\"TS ID: 55241332328; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--8047678e-20be-4116-9bc4-7bb7c26554e0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-22T03:01:41.158Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:41.158Z\"}", "type": "indicator" @@ -1589,7 +1558,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399985169Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:57.189Z\",\"description\":\"TS ID: 55241332377; iType: mal_url; State: active; Org: A100 ROW GmbH; Source: CyberCrime\",\"id\":\"indicator--c57a880c-1ce0-45de-9bab-fb2910454a61\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-01-22T03:01:57.189Z\",\"name\":\"mal_url: http://35.158.92.3/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://35.158.92.3/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:57.189Z\"}", "type": "indicator" 
@@ -1641,7 +1609,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399985909Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:01:57.279Z\",\"description\":\"TS ID: 55241332101; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--6056152c-0fa5-4e34-871a-3c8990f1ee46\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-42\"],\"modified\":\"2020-01-22T03:01:57.279Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:01:57.279Z\"}", "type": "indicator" @@ -1686,7 +1653,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399986678Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:02:50.57Z\",\"description\":\"TS ID: 55241332357; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--23215acb-4989-4434-ac6d-8f9367734f0f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T03:02:50.57Z\",\"name\":\"mal_url: http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:02:50.57Z\"}", "type": "indicator" 
@@ -1738,7 +1704,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399987659Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:02:52.496Z\",\"description\":\"TS ID: 55241332289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--452ece92-9ff2-4f99-8a7f-fd614ebea8cf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-26\"],\"modified\":\"2020-01-22T03:02:52.496Z\",\"name\":\"mal_url: http://f0391600.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391600.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:02:52.496Z\"}", "type": "indicator" @@ -1789,7 +1754,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399988458Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:03:42.819Z\",\"description\":\"TS ID: 55241332334; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--10958d74-ec60-41af-a1ab-1613257e670f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-01-22T03:03:42.819Z\",\"name\":\"mal_url: http://extraclick.space/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://extraclick.space/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:03:42.819Z\"}", "type": "indicator" 
@@ -1841,7 +1805,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399989199Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:03:52.044Z\",\"description\":\"TS ID: 55241332326; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--19556daa-6293-400d-8706-d0baa6b16b7a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-22T03:03:52.044Z\",\"name\":\"mal_url: http://petrogarmani.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://petrogarmani.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:03:52.044Z\"}", "type": "indicator" @@ -1893,7 +1856,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399990137Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:04:01.65Z\",\"description\":\"TS ID: 55241332311; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--b09d9be9-6703-4a7d-a066-2baebb6418fc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-22T03:04:01.65Z\",\"name\":\"mal_url: http://worldatdoor.in/mighty/32/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/mighty/32/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:04:01.65Z\"}", "type": "indicator" 
@@ -1945,7 +1907,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399990883Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:04:32.717Z\",\"description\":\"TS ID: 55241332341; iType: mal_url; State: active; Org: Institute of Philosophy, Russian Academy of Scienc; Source: CyberCrime\",\"id\":\"indicator--43febf7d-4185-4a12-a868-e7be690b14aa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-01-22T03:04:32.717Z\",\"name\":\"mal_url: http://zanlma.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://zanlma.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:04:32.717Z\"}", "type": "indicator" @@ -1996,7 +1957,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399991627Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:04:56.858Z\",\"description\":\"TS ID: 55241332303; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--a34728e6-f91d-47e6-a4d8-a69176299e45\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-22T03:04:56.858Z\",\"name\":\"mal_url: http://f0369688.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0369688.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:04:56.858Z\"}", "type": "indicator" 
@@ -2047,7 +2007,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399992437Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-22T03:04:59.245Z\",\"description\":\"TS ID: 55241332380; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ac821704-5eb2-4f8f-a8b6-2a168dbd0e54\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-22T03:04:59.245Z\",\"name\":\"mal_url: http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-22T03:04:59.245Z\"}", "type": "indicator" @@ -2099,7 +2058,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399993577Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:00:22.287Z\",\"description\":\"TS ID: 55245868747; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--0d3e1bd8-0f16-4c22-b8a1-663ec255ad79\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-57\"],\"modified\":\"2020-01-23T03:00:22.287Z\",\"name\":\"mal_ip: 192.168.214.199\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '192.168.214.199']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:00:22.287Z\"}", "type": "indicator" 
@@ -2144,7 +2102,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399994407Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:01:11.329Z\",\"description\":\"TS ID: 55245868770; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime\",\"id\":\"indicator--2cdd130a-c884-402d-b63c-e03f9448f5d9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-01-23T03:01:11.329Z\",\"name\":\"mal_url: http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:01:11.329Z\"}", "type": "indicator" @@ -2196,7 +2153,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399995219Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:01:36.682Z\",\"description\":\"TS ID: 55245868769; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--88e98e13-4bfd-4188-941a-f696a7b86b71\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-01-23T03:01:36.682Z\",\"name\":\"mal_url: http://imobiliariatirol.com/gh/panelnew/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://imobiliariatirol.com/gh/panelnew/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:01:36.682Z\"}", "type": "indicator" 
@@ -2248,7 +2204,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399996038Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:02:15.854Z\",\"description\":\"TS ID: 55245868772; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--27323b7d-85d3-4e89-8249-b7696925a772\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-23T03:02:15.854Z\",\"name\":\"mal_url: http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:02:15.854Z\"}", "type": "indicator" @@ -2300,7 +2255,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399996881Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:02:47.364Z\",\"description\":\"TS ID: 55245868766; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--b0639721-de55-48c6-b237-3859d61aecfb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-01-23T03:02:47.364Z\",\"name\":\"mal_url: http://f0392261.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0392261.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:02:47.364Z\"}", "type": "indicator" 
@@ -2351,7 +2305,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399997673Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:03:05.048Z\",\"description\":\"TS ID: 55245868749; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--677e714d-c237-42a1-b6b7-9145acd13eee\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-01-23T03:03:05.048Z\",\"name\":\"mal_url: http://89.160.20.156/panel/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:03:05.048Z\"}", "type": "indicator" @@ -2403,7 +2356,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399998465Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:03:15.734Z\",\"description\":\"TS ID: 55245868767; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--5baa1dbd-d74e-408c-92b5-0a9f97e4b87a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-01-23T03:03:15.734Z\",\"name\":\"mal_url: http://f0387404.xsph.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387404.xsph.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:03:15.734Z\"}", "type": "indicator" 
@@ -2455,7 +2407,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.399999221Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-23T03:03:42.599Z\",\"description\":\"TS ID: 55245868768; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--4563241e-5d2f-41a7-adb9-3925a5eeb1b1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-01-23T03:03:42.599Z\",\"name\":\"mal_url: http://a0386457.xsph.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://a0386457.xsph.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-23T03:03:42.599Z\"}", "type": "indicator" @@ -2507,7 +2458,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400000008Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:04.821Z\",\"description\":\"TS ID: 55250078037; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--70cb5d42-91d3-4efe-8c47-995fc0ac4141\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-24T02:57:04.821Z\",\"name\":\"mal_url: http://defenseisrael.com/dis/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://defenseisrael.com/dis/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:04.821Z\"}", "type": "indicator" 
@@ -2559,7 +2509,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400000851Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:04.857Z\",\"description\":\"TS ID: 55250078030; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--3aa712bb-b5d4-4632-bf50-48a4aeeaeb6d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-24T02:57:04.857Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:04.857Z\"}", "type": "indicator" @@ -2604,7 +2553,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400001738Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:04.883Z\",\"description\":\"TS ID: 55250078019; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--64227c7d-86ea-4146-a868-3decb5aa5f1d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-01-24T02:57:04.883Z\",\"name\":\"mal_url: http://lbfb3f03.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lbfb3f03.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:04.883Z\"}", "type": "indicator" 
@@ -2655,7 +2603,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400002524Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:12.997Z\",\"description\":\"TS ID: 55250078035; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--37fcf9a7-1a90-4d81-be0a-e824a4fa938e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-24T02:57:12.997Z\",\"name\":\"mal_url: http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:12.997Z\"}", "type": "indicator" @@ -2707,7 +2654,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400003271Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:13.025Z\",\"description\":\"TS ID: 55250078008; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--5a38786f-107e-4060-a7c9-ea8a5ded6aac\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-24T02:57:13.025Z\",\"name\":\"mal_url: http://199.192.168.11/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://199.192.168.11/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:13.025Z\"}", "type": "indicator" 
@@ -2759,7 +2705,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400004228Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:32.901Z\",\"description\":\"TS ID: 55250078038; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--3eb79b31-1d6d-438c-a848-24a3407f6e32\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-24T02:57:32.901Z\",\"name\":\"mal_url: http://89.160.20.156/aW8bVds1/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/aW8bVds1/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:32.901Z\"}", "type": "indicator" @@ -2811,7 +2756,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400005120Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:32.929Z\",\"description\":\"TS ID: 55250078026; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--a050832c-db6e-49a0-8470-7a3cd8f17178\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-24T02:57:32.929Z\",\"name\":\"mal_url: http://lansome.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lansome.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:32.929Z\"}", "type": "indicator" 
@@ -2862,7 +2806,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400005941Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:57:49.028Z\",\"description\":\"TS ID: 55250078034; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--e88008f4-76fc-428d-831a-4b389e48b712\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-24T02:57:49.028Z\",\"name\":\"mal_url: http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:57:49.028Z\"}", "type": "indicator" @@ -2914,7 +2857,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400006781Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:58:03.345Z\",\"description\":\"TS ID: 55250078032; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--dafe91cf-787c-471c-9afe-f7bb20a1b93f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-01-24T02:58:03.345Z\",\"name\":\"mal_url: http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:03.345Z\"}", "type": "indicator" 
@@ -2966,7 +2908,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400007575Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:58:16.318Z\",\"description\":\"TS ID: 55250078031; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--232bdc34-44cb-4f41-af52-f6f1cd28818e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-24T02:58:16.318Z\",\"name\":\"mal_url: http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:16.318Z\"}", "type": "indicator" @@ -3018,7 +2959,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400008379Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:58:16.358Z\",\"description\":\"TS ID: 55250078027; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--4adabe80-3be4-401a-948a-f9724c872374\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-66\"],\"modified\":\"2020-01-24T02:58:16.358Z\",\"name\":\"mal_url: http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:16.358Z\"}", "type": "indicator" 
@@ -3070,7 +3010,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400009231Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:58:32.126Z\",\"description\":\"TS ID: 55250078013; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--1d7051c0-a42b-4801-bd7f-f0abf2cc125c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-24T02:58:32.126Z\",\"name\":\"mal_url: http://suspiciousactivity.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://suspiciousactivity.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:32.126Z\"}", "type": "indicator" @@ -3121,7 +3060,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400009981Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:58:37.603Z\",\"description\":\"TS ID: 55250078017; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--fb06856c-8aad-4fae-92fc-b73aae4f6dc7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-24T02:58:37.603Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:37.603Z\"}", "type": "indicator" 
@@ -3172,7 +3110,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400010738Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:58:37.643Z\",\"description\":\"TS ID: 55250078012; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--33e674f5-a64a-48f4-9d8c-248348356135\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-01-24T02:58:37.643Z\",\"name\":\"mal_url: http://f0387550.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387550.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:37.643Z\"}", "type": "indicator" @@ -3223,7 +3160,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400011478Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:58:39.465Z\",\"description\":\"TS ID: 55250078018; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--6311f539-1d5d-423f-a238-d0c1dc167432\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-24T02:58:39.465Z\",\"name\":\"mal_url: http://lf4e4abf.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lf4e4abf.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:58:39.465Z\"}", "type": "indicator" 
@@ -3274,7 +3210,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400012318Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:59:02.031Z\",\"description\":\"TS ID: 55250078033; iType: mal_ip; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--1c91f219-cfa6-44c7-a5ee-1c760489b43c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-24T02:59:02.031Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:02.031Z\"}", "type": "indicator" @@ -3319,7 +3254,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400013065Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:59:15.878Z\",\"description\":\"TS ID: 55250078010; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime\",\"id\":\"indicator--c58983e2-18fd-47b8-aab4-6c8a2e2dcb35\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-01-24T02:59:15.878Z\",\"name\":\"mal_url: http://67.215.224.101/a1/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://67.215.224.101/a1/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:15.878Z\"}", "type": "indicator" 
@@ -3371,7 +3305,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400013811Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:59:29.155Z\",\"description\":\"TS ID: 55250078000; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--1ab178a8-7991-4879-b9aa-8da49f40e92e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-01-24T02:59:29.155Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:29.155Z\"}", "type": "indicator" @@ -3416,7 +3349,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400014718Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-24T02:59:50.233Z\",\"description\":\"TS ID: 55250078020; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--d5bdff38-6939-4a47-8e11-b910520565c4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-78\"],\"modified\":\"2020-01-24T02:59:50.233Z\",\"name\":\"mal_url: http://l60bdd58.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l60bdd58.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:50.233Z\"}", "type": "indicator" 
@@ -3467,7 +3399,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400015582Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:50.255Z\",\"description\":\"TS ID: 55250078009; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--1be74977-5aa6-4175-99dd-32b54863a06b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-25\"],\"modified\":\"2020-01-24T02:59:50.255Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.azma/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.azma/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:50.255Z\"}",
 "type": "indicator"
@@ -3519,7 +3450,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400016365Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:52.536Z\",\"description\":\"TS ID: 55250078023; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--eacc25ce-584c-4b40-98ab-7935dabd5cb1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-78\"],\"modified\":\"2020-01-24T02:59:52.536Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:52.536Z\"}",
 "type": "indicator"
@@ -3570,7 +3500,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400017159Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:54.784Z\",\"description\":\"TS ID: 55250078025; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--504f4011-eaea-4921-aad5-f102bef7c798\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-01-24T02:59:54.784Z\",\"name\":\"mal_url: http://trotdeiman.ga/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trotdeiman.ga/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:54.784Z\"}",
 "type": "indicator"
@@ -3621,7 +3550,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400018061Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T02:59:54.815Z\",\"description\":\"TS ID: 55250078014; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--e3ffb953-6c59-461a-8242-0d26c2b5c358\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-24T02:59:54.815Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T02:59:54.815Z\"}",
 "type": "indicator"
@@ -3666,7 +3594,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400018872Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:01.726Z\",\"description\":\"TS ID: 55250078036; iType: mal_ip; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--3a47ad46-930d-4ced-b0e7-dc9d0776153e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-24T03:00:01.726Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:01.726Z\"}",
 "type": "indicator"
@@ -3711,7 +3638,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400019616Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:01.762Z\",\"description\":\"TS ID: 55250078011; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--0e10924c-745c-4a58-8e27-ab3a6bacd666\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-01-24T03:00:01.762Z\",\"name\":\"mal_url: http://tavim.org/includes/firmino/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tavim.org/includes/firmino/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:01.762Z\"}",
 "type": "indicator"
@@ -3763,7 +3689,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400020597Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:10.928Z\",\"description\":\"TS ID: 55250078015; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--c3fb816a-cc3b-4442-be4d-d62113ae5168\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-24T03:00:10.928Z\",\"name\":\"mal_url: http://onlinesecuritycenter.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://onlinesecuritycenter.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:10.928Z\"}",
 "type": "indicator"
@@ -3814,7 +3739,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400021398Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:20.166Z\",\"description\":\"TS ID: 55250078029; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--9159e46d-f3a4-464b-ac68-8beaf87e1a8f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-24T03:00:20.166Z\",\"name\":\"mal_url: http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:20.166Z\"}",
 "type": "indicator"
@@ -3866,7 +3790,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400022198Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:24.048Z\",\"description\":\"TS ID: 55250078016; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--fefa8e76-ae0f-41ab-84e7-ea43ab055573\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-24T03:00:24.048Z\",\"name\":\"mal_url: http://jumbajumbadun.fun/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jumbajumbadun.fun/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:24.048Z\"}",
 "type": "indicator"
@@ -3917,7 +3840,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400023189Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:00:55.816Z\",\"description\":\"TS ID: 55250078024; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--6a76fa89-4d5f-40d0-9b03-671bdb2d5b4b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-01-24T03:00:55.816Z\",\"name\":\"mal_url: http://tavim.org/includes/salah/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tavim.org/includes/salah/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:00:55.816Z\"}",
 "type": "indicator"
@@ -3969,7 +3891,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400024038Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:01:10.501Z\",\"description\":\"TS ID: 55250078022; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--21055dfd-d0cb-42ec-93bd-ffaeadd11d80\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-01-24T03:01:10.501Z\",\"name\":\"mal_url: http://l0c23205.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l0c23205.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:01:10.501Z\"}",
 "type": "indicator"
@@ -4020,7 +3941,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400024838Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:01:10.518Z\",\"description\":\"TS ID: 55250078021; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--7471a595-e8b0-4c41-be4c-0a3e55675630\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-24T03:01:10.518Z\",\"name\":\"mal_url: http://l535e9e5.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l535e9e5.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:01:10.518Z\"}",
 "type": "indicator"
@@ -4071,7 +3991,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400025632Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-24T03:01:14.843Z\",\"description\":\"TS ID: 55250078007; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--ead1e7e5-fdb3-47c2-9476-aa82741c038e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-24T03:01:14.843Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-24T03:01:14.843Z\"}",
 "type": "indicator"
@@ -4116,7 +4035,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400026379Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:12.699Z\",\"description\":\"TS ID: 55253484365; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime\",\"id\":\"indicator--b0aee6bf-32f4-4f65-8de6-f65e04e92b15\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-25T02:57:12.699Z\",\"name\":\"mal_url: http://89.160.20.156/northon/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/northon/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:12.699Z\"}",
 "type": "indicator"
@@ -4167,7 +4085,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400027237Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:28.034Z\",\"description\":\"TS ID: 55253484350; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--54afbceb-72f3-484e-aee4-904f77beeff6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-25T02:57:28.034Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:28.034Z\"}",
 "type": "indicator"
@@ -4218,7 +4135,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400028027Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:38.187Z\",\"description\":\"TS ID: 55253484356; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--da030e10-af9f-462d-bda8-33abb223e950\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:57:38.187Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/scan/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/scan/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:38.187Z\"}",
 "type": "indicator"
@@ -4270,7 +4186,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400028825Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:38.214Z\",\"description\":\"TS ID: 55253484343; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--d38e051a-bc5b-4723-884a-65e017d98299\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-01-25T02:57:38.214Z\",\"name\":\"mal_url: http://f0391587.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391587.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:38.214Z\"}",
 "type": "indicator"
@@ -4321,7 +4236,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400029672Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:47.281Z\",\"description\":\"TS ID: 55253484367; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime\",\"id\":\"indicator--46491826-6ba1-4217-a35e-1eb0081a9e6a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-25T02:57:47.281Z\",\"name\":\"mal_url: http://89.160.20.156:8080/northon/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156:8080/northon/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:47.281Z\"}",
 "type": "indicator"
@@ -4373,7 +4287,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400030712Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:51.296Z\",\"description\":\"TS ID: 55253484342; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--b9715fd5-b89a-4859-b19f-55e052709227\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-01-25T02:57:51.296Z\",\"name\":\"mal_url: http://f0393086.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0393086.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:51.296Z\"}",
 "type": "indicator"
@@ -4424,7 +4337,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400031549Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:56.007Z\",\"description\":\"TS ID: 55253484363; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--e3177515-f481-46c8-bad8-582ba0858ef3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-25T02:57:56.007Z\",\"name\":\"mal_url: http://insuncos.com/files1/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://insuncos.com/files1/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:56.007Z\"}",
 "type": "indicator"
@@ -4476,7 +4388,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400032380Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:57:56.044Z\",\"description\":\"TS ID: 55253484339; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime\",\"id\":\"indicator--33cdeaeb-5201-4fbb-b9ae-9c23377e7533\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:57:56.044Z\",\"name\":\"mal_url: http://tg-h.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tg-h.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:57:56.044Z\"}",
 "type": "indicator"
@@ -4527,7 +4438,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400033238Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:58:11.038Z\",\"description\":\"TS ID: 55253484351; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--2baaa5f0-c2f6-4bd1-b59d-3a75931da735\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-25T02:58:11.038Z\",\"name\":\"mal_url: http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:11.038Z\"}",
 "type": "indicator"
@@ -4579,7 +4489,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400033982Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:58:20.42Z\",\"description\":\"TS ID: 55253484366; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime\",\"id\":\"indicator--f1bdef49-666f-46b5-a323-efa1f1446b62\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-01-25T02:58:20.42Z\",\"name\":\"mal_url: http://89.160.20.156/northon/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/northon/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:20.42Z\"}",
 "type": "indicator"
@@ -4630,7 +4539,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400034729Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:58:20.448Z\",\"description\":\"TS ID: 55253484354; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--a173f4b1-67ce-44f8-a6d0-bd8a24e8c593\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-25T02:58:20.448Z\",\"name\":\"mal_url: http://topik07.mcdir.ru/papka/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://topik07.mcdir.ru/papka/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:20.448Z\"}",
 "type": "indicator"
@@ -4682,7 +4590,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400035596Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:58:33.189Z\",\"description\":\"TS ID: 55253484362; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--b53dded1-d293-4cd1-9e63-b6e0cbd850f0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-25T02:58:33.189Z\",\"name\":\"mal_url: http://insuncos.com/files2/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://insuncos.com/files2/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:33.189Z\"}",
 "type": "indicator"
@@ -4734,7 +4641,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400036449Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:58:49.056Z\",\"description\":\"TS ID: 55253484364; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime\",\"id\":\"indicator--2b30f8fe-13e8-4a7d-8eba-3e59c288bef7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-01-25T02:58:49.056Z\",\"name\":\"mal_url: http://89.160.20.156/kaspersky/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/kaspersky/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:49.056Z\"}",
 "type": "indicator"
@@ -4785,7 +4691,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400037332Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:58:59.472Z\",\"description\":\"TS ID: 55253484357; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--f502199a-17a4-404b-a114-fb5eda28c32c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:58:59.472Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/mh/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/mh/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:58:59.472Z\"}",
 "type": "indicator"
@@ -4837,7 +4742,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400038130Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:59:27.07Z\",\"description\":\"TS ID: 55253484359; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--af7422eb-5d8e-4878-bdd1-395313434dae\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:59:27.07Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/ch/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/ch/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:27.07Z\"}",
 "type": "indicator"
@@ -4889,7 +4793,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400039256Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:59:28.967Z\",\"description\":\"TS ID: 55253484358; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--71b36c05-86dd-4685-81c0-5a99e2e14c23\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T02:59:28.967Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/dar/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/dar/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:28.967Z\"}",
 "type": "indicator"
@@ -4941,7 +4844,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400040086Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:59:37.661Z\",\"description\":\"TS ID: 55253484352; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--9d948509-dfb4-45b6-b8bc-780df88a213f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-25T02:59:37.661Z\",\"name\":\"mal_url: http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:37.661Z\"}",
 "type": "indicator"
@@ -4993,7 +4895,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400040881Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:59:37.692Z\",\"description\":\"TS ID: 55253484224; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--9f613f8e-2040-4eee-8044-044023a8093e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-01-25T02:59:37.692Z\",\"name\":\"mal_ip: 192.168.118.56\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '192.168.118.56']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:37.692Z\"}",
 "type": "indicator"
@@ -5038,7 +4939,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400041639Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:59:54.296Z\",\"description\":\"TS ID: 55253484361; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--518c3959-6c26-413f-9a5f-c8f76d86185a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-25T02:59:54.296Z\",\"name\":\"mal_url: http://insuncos.com/files3/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://insuncos.com/files3/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:54.296Z\"}",
 "type": "indicator"
@@ -5090,7 +4990,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400042381Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T02:59:57.748Z\",\"description\":\"TS ID: 55253484347; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--625b94ec-2304-4502-a2eb-59d52cdb9c1f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-01-25T02:59:57.748Z\",\"name\":\"mal_url: http://t95212tt.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://t95212tt.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T02:59:57.748Z\"}",
 "type": "indicator"
@@ -5141,7 +5040,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400043128Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T03:00:22.168Z\",\"description\":\"TS ID: 55253484349; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--c8f76b97-051f-4fab-b57f-a57f37480aa0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-25T03:00:22.168Z\",\"name\":\"mal_url: http://kiototan.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kiototan.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:00:22.168Z\"}",
 "type": "indicator"
@@ -5192,7 +5090,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400043880Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T03:00:27.279Z\",\"description\":\"TS ID: 55253484353; iType: mal_ip; State: active; Org: Com Telecom; Source: CyberCrime\",\"id\":\"indicator--7abc3f41-e952-481f-8bf7-7b52af05451f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-01-25T03:00:27.279Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:00:27.279Z\"}",
 "type": "indicator"
@@ -5237,7 +5134,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400044636Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T03:00:29.248Z\",\"description\":\"TS ID: 55253484340; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--72334129-8d1c-4cac-bde6-2d5d6316e266\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-25T03:00:29.248Z\",\"name\":\"mal_url: http://newfoundfriend.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://newfoundfriend.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:00:29.248Z\"}",
 "type": "indicator"
@@ -5288,7 +5184,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400045440Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T03:01:03.628Z\",\"description\":\"TS ID: 55253484360; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--a3f8f1e3-77c5-442d-a918-5d3d800a8357\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T03:01:03.628Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/bi/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/bi/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:01:03.628Z\"}",
 "type": "indicator"
@@ -5340,7 +5235,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400046236Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-25T03:01:03.65Z\",\"description\":\"TS ID: 55253484355; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--49bac194-cefe-4c31-81eb-cc81a3a3bb26\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-25T03:01:03.65Z\",\"name\":\"mal_url: http://officelog.org/inc/js/jstree/vic/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://officelog.org/inc/js/jstree/vic/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-25T03:01:03.65Z\"}",
 "type": "indicator"
@@ -5392,7 +5286,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400046996Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-26T02:54:41.651Z\",\"description\":\"TS ID: 55256890160; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--ec5f9f49-249b-4fc4-bb91-849c892c7453\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:54:41.651Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:54:41.651Z\"}",
 "type": "indicator"
@@ -5443,7 +5336,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400047796Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-26T02:54:41.675Z\",\"description\":\"TS ID: 55256890149; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--3e082be1-f6be-45f6-811b-5e63e2a596c5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-26T02:54:41.675Z\",\"name\":\"mal_url: http://privatepp.club/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://privatepp.club/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:54:41.675Z\"}",
 "type": "indicator"
@@ -5494,7 +5386,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400048543Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:54:41.705Z\",\"description\":\"TS ID: 55256890147; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--95774d83-e0e1-45e4-ab1c-1bb27588fa92\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-26T02:54:41.705Z\",\"name\":\"mal_url: http://109.94.208.144/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://109.94.208.144/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:54:41.705Z\"}", "type": "indicator" @@ -5545,7 +5436,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400049291Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:15.583Z\",\"description\":\"TS ID: 55256890123; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--0149e0f7-629c-41c5-a1e7-144b3c22d362\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-32\"],\"modified\":\"2020-01-26T02:55:15.583Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:15.583Z\"}", "type": "indicator" 
@@ -5597,7 +5487,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400050161Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:15.785Z\",\"description\":\"TS ID: 55256890140; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime\",\"id\":\"indicator--751f6e49-92d5-4ff4-9245-870a49dce478\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:55:15.785Z\",\"name\":\"mal_url: http://molmarsl.com/leks/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://molmarsl.com/leks/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:15.785Z\"}", "type": "indicator" @@ -5649,7 +5538,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400050911Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:22.112Z\",\"description\":\"TS ID: 55256890166; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--e0bdcebe-2f97-4f8f-ad51-0b0c06b5071c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:55:22.112Z\",\"name\":\"mal_url: http://pecunia110011.at/iteat/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pecunia110011.at/iteat/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:22.112Z\"}", "type": "indicator" 
@@ -5700,7 +5588,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400051676Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:31.348Z\",\"description\":\"TS ID: 55256890144; iType: mal_url; State: active; Org: Telecommunication Systems, LLC; Source: CyberCrime\",\"id\":\"indicator--82f02b81-cfae-4bee-b85d-daf900c93936\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-01-26T02:55:31.348Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:31.348Z\"}", "type": "indicator" @@ -5751,7 +5638,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400052529Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:32.119Z\",\"description\":\"TS ID: 55256890158; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--1e540e5a-6fa3-4758-ab61-0d7692fb3d96\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-26T02:55:32.119Z\",\"name\":\"mal_url: http://jor1.berbagsansa.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jor1.berbagsansa.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:32.119Z\"}", "type": "indicator" 
@@ -5802,7 +5688,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400053343Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.623Z\",\"description\":\"TS ID: 55256890152; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--cbfc3b5d-645b-4114-ab89-7ab5b745d230\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-48\"],\"modified\":\"2020-01-26T02:55:33.623Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.623Z\"}", "type": "indicator" @@ -5853,7 +5738,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400054430Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.646Z\",\"description\":\"TS ID: 55256890143; iType: mal_url; State: active; Org: Offshore Racks S.A; Source: CyberCrime\",\"id\":\"indicator--f4cf51da-17db-4d9b-bb65-efeb1373f01b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-21\"],\"modified\":\"2020-01-26T02:55:33.646Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.646Z\"}", "type": "indicator" 
@@ -5904,7 +5788,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400055225Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.681Z\",\"description\":\"TS ID: 55256890162; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--6e4e6382-002d-473a-a635-cc00d4917353\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-26T02:55:33.681Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.681Z\"}", "type": "indicator" @@ -5955,7 +5838,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400056167Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.738Z\",\"description\":\"TS ID: 55256890138; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--33552aa0-5a5a-47a6-b529-a810dcf8c9af\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-28\"],\"modified\":\"2020-01-26T02:55:33.738Z\",\"name\":\"mal_url: http://aboutworld.info/manage/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aboutworld.info/manage/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.738Z\"}", "type": "indicator" 
@@ -6007,7 +5889,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400057002Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.959Z\",\"description\":\"TS ID: 55256890146; iType: mal_url; State: active; Org: Dzinet Ltd.; Source: CyberCrime\",\"id\":\"indicator--cd8459e5-367f-46b2-91e7-9893c766091a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-26T02:55:33.959Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.959Z\"}", "type": "indicator" @@ -6058,7 +5939,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400057852Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:33.984Z\",\"description\":\"TS ID: 55256890128; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--274a9145-93f7-4146-a879-68fce2fc1188\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-26T02:55:33.984Z\",\"name\":\"mal_url: http://10121.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://10121.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:33.984Z\"}", "type": "indicator" 
@@ -6109,7 +5989,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400058646Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:34.637Z\",\"description\":\"TS ID: 55256890132; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--ea0abbe1-3033-4549-8ba0-626f43807986\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-26T02:55:34.637Z\",\"name\":\"mal_url: http://1926.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://1926.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:34.637Z\"}", "type": "indicator" @@ -6160,7 +6039,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400059397Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:44.765Z\",\"description\":\"TS ID: 55256890120; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--c7c3a0d7-fccd-4bc0-9011-a6c91f967402\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-26T02:55:44.765Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:44.765Z\"}", "type": "indicator" 
@@ -6205,7 +6083,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400060197Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:48.315Z\",\"description\":\"TS ID: 55256890150; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--383708ec-c15c-400a-94fc-40d6ac5ab8e3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:55:48.315Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:48.315Z\"}", "type": "indicator" @@ -6250,7 +6127,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400060954Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:48.35Z\",\"description\":\"TS ID: 55256890136; iType: mal_url; State: active; Org: GoDaddy.com, LLC; Source: CyberCrime\",\"id\":\"indicator--14c3d4da-f364-4af0-96ba-ce8959da560b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-26T02:55:48.35Z\",\"name\":\"mal_url: http://185-24-53-218.com/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://185-24-53-218.com/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:48.35Z\"}", "type": "indicator" 
@@ -6301,7 +6177,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400061720Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:55:58.711Z\",\"description\":\"TS ID: 55256890133; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--64655563-a4ad-4097-8cda-68c7bcc461f4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:55:58.711Z\",\"name\":\"mal_url: http://1410.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://1410.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:55:58.711Z\"}", "type": "indicator" @@ -6352,7 +6227,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400062549Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:23.739Z\",\"description\":\"TS ID: 55256890139; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime\",\"id\":\"indicator--5ab7883f-17c2-4cc7-b854-33f8d4bc6b1e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-01-26T02:56:23.739Z\",\"name\":\"mal_url: http://nortonlilly.info/geli/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/geli/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:23.739Z\"}", "type": "indicator" 
@@ -6404,7 +6278,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400063312Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:23.79Z\",\"description\":\"TS ID: 55256890131; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--3417c349-153d-4002-92dd-1093893f3180\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-26T02:56:23.79Z\",\"name\":\"mal_url: http://2208.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://2208.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:23.79Z\"}", "type": "indicator" @@ -6455,7 +6328,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400064055Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:23.857Z\",\"description\":\"TS ID: 55256890126; iType: mal_ip; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--00ae9f9a-03ce-415c-bb7a-49b6c486ac5d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-01-26T02:56:23.857Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:23.857Z\"}", "type": "indicator" 
@@ -6500,7 +6372,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400064852Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:29.981Z\",\"description\":\"TS ID: 55256890129; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--dba2c4a2-6ad5-455c-b14a-b437d32ef6a3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:56:29.981Z\",\"name\":\"mal_url: http://1012.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://1012.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:29.981Z\"}", "type": "indicator" @@ -6551,7 +6422,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400065595Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:32.609Z\",\"description\":\"TS ID: 55256890141; iType: mal_url; State: active; Org: H4Y Technologies LLC; Source: CyberCrime\",\"id\":\"indicator--5049f714-5462-4f8d-8b13-d95024d477ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-26T02:56:32.609Z\",\"name\":\"mal_url: http://coupondemo.dynamicinnovation.net/ren/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://coupondemo.dynamicinnovation.net/ren/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:32.609Z\"}", "type": "indicator" 
@@ -6603,7 +6473,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400066339Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:33.504Z\",\"description\":\"TS ID: 55256890156; iType: mal_url; State: active; Org: OVH SAS; Source: CyberCrime\",\"id\":\"indicator--b476b4e0-387e-4cc6-8b93-437e05c9099c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-01-26T02:56:33.504Z\",\"name\":\"mal_url: http://51.38.140.2/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://51.38.140.2/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:33.504Z\"}", "type": "indicator" @@ -6654,7 +6523,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400067126Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:37.688Z\",\"description\":\"TS ID: 55256890163; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime\",\"id\":\"indicator--27e994c3-5ee2-4f8b-9fc0-30ca4fc226ab\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-26T02:56:37.688Z\",\"name\":\"mal_url: http://baxarex228.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://baxarex228.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:37.688Z\"}", "type": "indicator" 
@@ -6705,7 +6573,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400434747Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:40.17Z\",\"description\":\"TS ID: 55256890124; iType: mal_ip; State: active; Org: Global Data Networks LLC; Source: CyberCrime\",\"id\":\"indicator--67020df4-8210-4e8f-afe0-4d44ccd8800d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-01-26T02:56:40.17Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:40.17Z\"}", "type": "indicator" @@ -6750,7 +6617,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400449296Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:49.862Z\",\"description\":\"TS ID: 55256890165; iType: mal_ip; State: active; Org: Tencent Building, Kejizhongyi Avenue; Source: CyberCrime\",\"id\":\"indicator--f57e1196-0c96-4988-89f9-0b9d7301b524\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-26T02:56:49.862Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:49.862Z\"}", "type": "indicator" 
@@ -6795,7 +6661,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400450444Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:49.9Z\",\"description\":\"TS ID: 55256890154; iType: mal_ip; State: active; Org: OVH SAS; Source: CyberCrime\",\"id\":\"indicator--9797500e-6f8d-444c-bc86-e8e4581de7ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-01-26T02:56:49.9Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:49.9Z\"}", "type": "indicator" @@ -6840,7 +6705,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400451400Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:56:49.93Z\",\"description\":\"TS ID: 55256890130; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--8fb33d6a-4ed9-4c5a-9a8e-d7fc7e77b9d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-01-26T02:56:49.93Z\",\"name\":\"mal_url: http://0409.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://0409.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:56:49.93Z\"}", "type": "indicator" 
@@ -6891,7 +6755,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400452303Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:03.544Z\",\"description\":\"TS ID: 55256890157; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--96012440-e95d-46f0-9b70-3f495f4bab32\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-26T02:57:03.544Z\",\"name\":\"mal_url: http://jor1.mirtakala.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jor1.mirtakala.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:03.544Z\"}", "type": "indicator" @@ -6942,7 +6805,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400453195Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:10.525Z\",\"description\":\"TS ID: 55256890151; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--707777c2-d621-4fc8-a44b-6ee28a712ff6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:57:10.525Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:10.525Z\"}", "type": "indicator" 
@@ -6993,7 +6855,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400454042Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:10.571Z\",\"description\":\"TS ID: 55256890135; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime\",\"id\":\"indicator--275f3354-1d9c-4167-9f1a-abb06bb0f138\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-01-26T02:57:10.571Z\",\"name\":\"mal_url: http://pnumbrero3.ru/soft/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pnumbrero3.ru/soft/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:10.571Z\"}", "type": "indicator" @@ -7045,7 +6906,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400454940Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:14.057Z\",\"description\":\"TS ID: 55256890127; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--b449e457-5327-40a2-8bda-0167c219490c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-26T02:57:14.057Z\",\"name\":\"mal_url: http://10122.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://10122.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:14.057Z\"}", "type": "indicator" 
@@ -7096,7 +6956,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400455813Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:26.003Z\",\"description\":\"TS ID: 55256890125; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime\",\"id\":\"indicator--c8559f01-42c4-42f1-8464-e2e2e2af84d0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-26T02:57:26.003Z\",\"name\":\"mal_url: http://10123.165-227-83-163.site/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://10123.165-227-83-163.site/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:26.003Z\"}", "type": "indicator" @@ -7147,7 +7006,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400456659Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-26T02:57:30.579Z\",\"description\":\"TS ID: 55256890134; iType: mal_url; State: active; Org: Reg.Ru Hosting; Source: CyberCrime\",\"id\":\"indicator--5898c646-c44b-4365-9d82-77bb1705b6de\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-26T02:57:30.579Z\",\"name\":\"mal_url: http://u0929560.cp.regruhosting.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://u0929560.cp.regruhosting.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-26T02:57:30.579Z\"}", "type": "indicator" 
@@ -7199,7 +7057,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400457487Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:54:45.711Z\",\"description\":\"TS ID: 55259870663; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--f5e450ee-d6c5-4a92-bfb4-4f8025b8c7e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:54:45.711Z\",\"name\":\"mal_url: http://turames3.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turames3.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:54:45.711Z\"}", "type": "indicator" @@ -7250,7 +7107,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400458381Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:54:59.928Z\",\"description\":\"TS ID: 55259870666; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--05b6bf66-2f31-4640-9ecd-9f8a3408d594\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:54:59.928Z\",\"name\":\"mal_url: http://turames.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turames.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:54:59.928Z\"}", "type": "indicator" 
@@ -7301,7 +7157,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400459217Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:12.572Z\",\"description\":\"TS ID: 55259870784; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ff7fb9bd-e816-4a76-ae5c-72c22980c722\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:12.572Z\",\"name\":\"mal_url: http://bumaga5.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bumaga5.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:12.572Z\"}", "type": "indicator" @@ -7352,7 +7207,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400460054Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:14.232Z\",\"description\":\"TS ID: 55259870699; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--b0a1e3ec-d523-4e98-90d6-8ad3daa321d3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:14.232Z\",\"name\":\"mal_url: http://mogute.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mogute.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:14.232Z\"}", "type": "indicator" 
@@ -7403,7 +7257,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400461134Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:14.255Z\",\"description\":\"TS ID: 55259870694; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--92f0ba43-ec1f-4a37-b933-33ddd3da7e2f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:14.255Z\",\"name\":\"mal_url: http://moguto.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://moguto.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:14.255Z\"}", "type": "indicator" @@ -7454,7 +7307,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400462012Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:30.174Z\",\"description\":\"TS ID: 55259870793; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ea0af135-c3c0-4e4e-96d9-bdf1ebb9699e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:30.174Z\",\"name\":\"mal_url: http://bumaga1.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bumaga1.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:30.174Z\"}", "type": "indicator" 
@@ -7505,7 +7357,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400462847Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:30.287Z\",\"description\":\"TS ID: 55259870765; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--0de60f9b-7383-4c60-9caf-c578c3682487\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-01-27T02:55:30.287Z\",\"name\":\"mal_url: http://dufre1in.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufre1in.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:30.287Z\"}", "type": "indicator" @@ -7556,7 +7407,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400463627Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:30.319Z\",\"description\":\"TS ID: 55259870697; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--e8d57d94-82ce-4ce3-a983-d6928172d795\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:55:30.319Z\",\"name\":\"mal_url: http://moguti.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://moguti.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:30.319Z\"}", "type": "indicator" 
@@ -7607,7 +7457,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400464553Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:30.343Z\",\"description\":\"TS ID: 55259870654; iType: mal_url; State: active; Org: Lir Ukraine LLC; Source: CyberCrime\",\"id\":\"indicator--4b567c10-4d32-40e4-87fd-b4654de5bf6b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-01-27T02:55:30.343Z\",\"name\":\"mal_url: http://stcubegames.netxi.in/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://stcubegames.netxi.in/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:30.343Z\"}", "type": "indicator" @@ -7659,7 +7508,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400465397Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:34.56Z\",\"description\":\"TS ID: 55259870763; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ab82b31f-02c9-4d98-b49f-21ab18a48b1b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-27T02:55:34.56Z\",\"name\":\"mal_url: http://dufre3.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufre3.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:34.56Z\"}", "type": "indicator" 
@@ -7710,7 +7558,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400466230Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:34.609Z\",\"description\":\"TS ID: 55259870730; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--47a1bc0c-5444-4c92-a0f8-a51655dd84e5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:55:34.609Z\",\"name\":\"mal_url: http://merop12.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://merop12.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:34.609Z\"}", "type": "indicator" @@ -7761,7 +7608,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400467123Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:36.798Z\",\"description\":\"TS ID: 55259870681; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--e3ee6b9d-f8cd-42fa-8f51-bb0d54446734\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:55:36.798Z\",\"name\":\"mal_url: http://ramesvet.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ramesvet.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:36.798Z\"}", "type": "indicator" 
@@ -7812,7 +7658,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400468003Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:38.721Z\",\"description\":\"TS ID: 55259870761; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ce0e3226-1587-4fd1-bdd0-aa76c548e8df\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-27T02:55:38.721Z\",\"name\":\"mal_url: http://dufres.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufres.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:38.721Z\"}", "type": "indicator" @@ -7863,7 +7708,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400468900Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:45.512Z\",\"description\":\"TS ID: 55259870706; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--9c90ff74-a454-49c7-afa8-1339915ceac8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:55:45.512Z\",\"name\":\"mal_url: http://mogut3.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mogut3.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:45.512Z\"}", "type": "indicator" 
@@ -7914,7 +7758,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400469738Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:48.012Z\",\"description\":\"TS ID: 55259870655; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--15806179-df3f-450a-baf5-8e2a29d87faa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-27T02:55:48.012Z\",\"name\":\"mal_url: http://vidar321.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://vidar321.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:48.012Z\"}", "type": "indicator" @@ -7965,7 +7808,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400470628Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:55:50.673Z\",\"description\":\"TS ID: 55259870822; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--bc1b9793-42ef-41bf-a370-a68ca5dd8c7f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-27T02:55:50.673Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:55:50.673Z\"}", "type": "indicator" 
@@ -8016,7 +7858,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400471491Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:02.067Z\",\"description\":\"TS ID: 55259870657; iType: mal_url; State: active; Org: Transit Telecom LLC; Source: CyberCrime\",\"id\":\"indicator--d4d45888-5dfb-463b-8d5c-9871157397f9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-17\"],\"modified\":\"2020-01-27T02:56:02.067Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:02.067Z\"}", "type": "indicator" @@ -8067,7 +7908,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400472321Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:03.948Z\",\"description\":\"TS ID: 55259870672; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ee8c37a6-cb8b-478c-b527-2506637ceb34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:03.948Z\",\"name\":\"mal_url: http://turams.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turams.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:03.948Z\"}", "type": "indicator" 
@@ -8118,7 +7958,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400473106Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:05.787Z\",\"description\":\"TS ID: 55259870662; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--fd1feff8-dcc5-429a-953d-0bb80951bf5c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:56:05.787Z\",\"name\":\"mal_url: http://turames8.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turames8.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:05.787Z\"}", "type": "indicator" @@ -8169,7 +8008,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400473997Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:17.615Z\",\"description\":\"TS ID: 55259870820; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--f69535bc-4059-445d-90b0-1df8498137a4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:17.615Z\",\"name\":\"mal_url: http://2maga.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://2maga.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:17.615Z\"}", "type": "indicator" 
@@ -8220,7 +8058,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400474826Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:17.653Z\",\"description\":\"TS ID: 55259870704; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--a372cefa-0694-4e39-aa50-67be2cded923\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-27T02:56:17.653Z\",\"name\":\"mal_url: http://mogutse.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mogutse.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:17.653Z\"}", "type": "indicator" @@ -8271,7 +8108,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400475665Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:22.845Z\",\"description\":\"TS ID: 55259870661; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--ff74ddcd-b63b-4c1d-b4e0-8703b74564ab\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:22.845Z\",\"name\":\"mal_url: http://turamesplus.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turamesplus.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:22.845Z\"}", "type": "indicator" 
@@ -8322,7 +8158,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400476846Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:23.51Z\",\"description\":\"TS ID: 55259870713; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--360f60db-e8ca-4ede-9f65-7dcb01425d2e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:23.51Z\",\"name\":\"mal_url: http://merops.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://merops.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:23.51Z\"}", "type": "indicator" @@ -8373,7 +8208,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400477699Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:23.555Z\",\"description\":\"TS ID: 55259870702; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--bafd8878-321e-4501-ae0f-221772acccae\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:23.555Z\",\"name\":\"mal_url: http://mogut.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mogut.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:23.555Z\"}", "type": "indicator" 
@@ -8424,7 +8258,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400478597Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:32.951Z\",\"description\":\"TS ID: 55259870813; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--21811787-57db-4ca6-abb9-57d33500a88e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:32.951Z\",\"name\":\"mal_url: http://2magas.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://2magas.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:32.951Z\"}", "type": "indicator" @@ -8475,7 +8308,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400480278Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:37.65Z\",\"description\":\"TS ID: 55259870741; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--80641a7e-afbf-4b8d-96e6-4770491297b4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-27T02:56:37.65Z\",\"name\":\"mal_url: http://merakim.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://merakim.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:37.65Z\"}", "type": "indicator" 
@@ -8526,7 +8358,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400482430Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:37.697Z\",\"description\":\"TS ID: 55259870659; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--fb351f4a-90ab-4ff4-a482-b38e7f92bb77\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:37.697Z\",\"name\":\"mal_url: http://turamesv.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://turamesv.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:37.697Z\"}", "type": "indicator" @@ -8577,7 +8408,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400483236Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:41.827Z\",\"description\":\"TS ID: 55259870687; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--a5ade447-681b-4518-8ea5-779d9de3ff0e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:41.827Z\",\"name\":\"mal_url: http://ramesv.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ramesv.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:41.827Z\"}", "type": "indicator" 
@@ -8628,7 +8458,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400484021Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:41.874Z\",\"description\":\"TS ID: 55259870674; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--9a797de6-1aa1-4f5c-b40a-c65699117f57\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-01-27T02:56:41.874Z\",\"name\":\"mal_url: http://roninrol.info/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://roninrol.info/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:41.874Z\"}", "type": "indicator" @@ -8679,7 +8508,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400484862Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:49.344Z\",\"description\":\"TS ID: 55259870678; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--7a094f4c-d57d-4bad-9258-a19210782331\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:49.344Z\",\"name\":\"mal_url: http://ramesvet8.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ramesvet8.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:49.344Z\"}", "type": "indicator" 
@@ -8730,7 +8558,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400485741Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:56:53.905Z\",\"description\":\"TS ID: 55259870709; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--6de4e500-4c56-4288-aa8f-b092f194ff78\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:56:53.905Z\",\"name\":\"mal_url: http://meropsi.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://meropsi.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:56:53.905Z\"}", "type": "indicator" @@ -8781,7 +8608,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400486491Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:06.376Z\",\"description\":\"TS ID: 55259870660; iType: mal_ip; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--c4c00824-3ceb-4b3c-89a2-77d3920aacdb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-27T02:57:06.376Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:06.376Z\"}", "type": "indicator" 
@@ -8826,7 +8652,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400487326Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:09.474Z\",\"description\":\"TS ID: 55259870721; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--0e9df710-3a24-4070-9576-f3081708cd67\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:57:09.474Z\",\"name\":\"mal_url: http://meropa.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://meropa.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:09.474Z\"}", "type": "indicator" @@ -8877,7 +8702,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400488181Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:12.314Z\",\"description\":\"TS ID: 55259870801; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--4d6b9fe5-43f3-42af-b7c0-171052280208\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:57:12.314Z\",\"name\":\"mal_url: http://5umaga.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://5umaga.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:12.314Z\"}", "type": "indicator" 
@@ -8928,7 +8752,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400488980Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:12.344Z\",\"description\":\"TS ID: 55259870773; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--50a15dd9-290b-4240-9245-bbe259bcc4c7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-27T02:57:12.344Z\",\"name\":\"mal_url: http://dufre1.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufre1.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:12.344Z\"}", "type": "indicator" @@ -8979,7 +8802,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400489779Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:17.92Z\",\"description\":\"TS ID: 55259870746; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--53b80678-1eeb-433c-bd54-fd1ae9c83c18\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-27T02:57:17.92Z\",\"name\":\"mal_url: http://dufre-tom.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dufre-tom.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:17.92Z\"}", "type": "indicator" 
@@ -9030,7 +8852,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400490729Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-27T02:57:19.085Z\",\"description\":\"TS ID: 55259870735; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime\",\"id\":\"indicator--b14f43dd-6653-42d4-b0db-3cf4e7fbee87\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-27T02:57:19.085Z\",\"name\":\"mal_url: http://meropi.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://meropi.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-27T02:57:19.085Z\"}", "type": "indicator" @@ -9081,7 +8902,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400491514Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:19.372Z\",\"description\":\"TS ID: 55263242048; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--e2cdc754-bf45-4c4e-a98a-0fcc1a62cc63\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-28T02:58:19.372Z\",\"name\":\"mal_url: http://serv-node4.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://serv-node4.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:19.372Z\"}", "type": "indicator" 
@@ -9133,7 +8953,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400492294Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:19.396Z\",\"description\":\"TS ID: 55263242003; iType: mal_url; State: active; Org: Informacines sistemos ir technologijos, UAB; Source: CyberCrime\",\"id\":\"indicator--f0aa41c1-9c01-420f-9134-20fa6a00f8e5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-28T02:58:19.396Z\",\"name\":\"mal_url: http://usarmyvacations.info/ssd/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://usarmyvacations.info/ssd/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:19.396Z\"}", "type": "indicator" @@ -9185,7 +9004,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400493092Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:26.492Z\",\"description\":\"TS ID: 55263242014; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--15b60240-37eb-41c9-9e66-872f19406f6d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-28T02:58:26.492Z\",\"name\":\"mal_url: http://la6e51ed.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://la6e51ed.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:26.492Z\"}", "type": "indicator" 
@@ -9236,7 +9054,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400494305Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:26.52Z\",\"description\":\"TS ID: 55263241842; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--6a3a7dfd-7dd0-4b5b-b614-b09f20ae34f3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-49\"],\"modified\":\"2020-01-28T02:58:26.52Z\",\"name\":\"mal_url: http://209.250.247.253/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://209.250.247.253/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:26.52Z\"}", "type": "indicator" @@ -9288,7 +9105,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400495208Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:43.041Z\",\"description\":\"TS ID: 55263242045; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--d2de10c5-aaee-4c32-ac0c-0d17ea9c7caf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-01-28T02:58:43.041Z\",\"name\":\"mal_url: http://footlooking.kl.com.ua/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://footlooking.kl.com.ua/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:43.041Z\"}", "type": "indicator" 
@@ -9340,7 +9156,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400495958Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:43.095Z\",\"description\":\"TS ID: 55263242017; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--8391ee32-499a-4390-b81d-5bd14638be82\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-28T02:58:43.095Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:43.095Z\"}", "type": "indicator" @@ -9385,7 +9200,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400496816Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:45.172Z\",\"description\":\"TS ID: 55263242019; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--1a91efe1-ff09-49b2-801b-fb815c843976\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-28T02:58:45.172Z\",\"name\":\"mal_url: http://a0377875.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://a0377875.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:45.172Z\"}", "type": "indicator" 
@@ -9436,7 +9250,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400497604Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:46.345Z\",\"description\":\"TS ID: 55263241963; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--9980de5d-7c0e-456a-b2bf-32544fda592b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T02:58:46.345Z\",\"name\":\"mal_url: http://samaaj.org.pk/ofo/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/ofo/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:46.345Z\"}", "type": "indicator" @@ -9488,7 +9301,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400498433Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:54.765Z\",\"description\":\"TS ID: 55263242018; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--5da6cfdf-c2a5-45d5-857e-110fc26336f4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-01-28T02:58:54.765Z\",\"name\":\"mal_url: http://f0390226.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0390226.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:54.765Z\"}", "type": "indicator" 
@@ -9539,7 +9351,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400499233Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:58:57.481Z\",\"description\":\"TS ID: 55263242026; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--5a32ccb0-c749-4286-a606-f3bfe9a61084\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T02:58:57.481Z\",\"name\":\"mal_url: http://samaaj.org.pk/justices/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/justices/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:58:57.481Z\"}", "type": "indicator" @@ -9591,7 +9402,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400500081Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:19.105Z\",\"description\":\"TS ID: 55263242012; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--c26773dc-80be-48c8-98fd-409174bfd0e2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-56\"],\"modified\":\"2020-01-28T02:59:19.105Z\",\"name\":\"mal_url: http://89.160.20.156/teejay/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/teejay/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:19.105Z\"}", "type": "indicator" 
@@ -9643,7 +9453,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400500873Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:23.53Z\",\"description\":\"TS ID: 55263242004; iType: mal_ip; State: active; Org: Informacines sistemos ir technologijos, UAB; Source: CyberCrime\",\"id\":\"indicator--642f909c-b1e7-4b17-9786-c01371f5da67\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-59\"],\"modified\":\"2020-01-28T02:59:23.53Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:23.53Z\"}", "type": "indicator" @@ -9688,7 +9497,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400502042Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-28T02:59:26.887Z\",\"description\":\"TS ID: 55263242013; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--b50c1f06-f68e-4842-a1ac-cddef3c2ff05\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-01-28T02:59:26.887Z\",\"name\":\"mal_url: http://ld7cad07.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ld7cad07.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:26.887Z\"}", "type": "indicator" 
@@ -9739,7 +9547,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400502897Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T02:59:27.047Z\",\"description\":\"TS ID: 55263241837; iType: mal_ip; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--ab7dae9a-3218-40dd-984c-a928336e1ccb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-38\"],\"modified\":\"2020-01-28T02:59:27.047Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:27.047Z\"}",
 "type": "indicator"
@@ -9784,7 +9591,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400503755Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T02:59:34.735Z\",\"description\":\"TS ID: 55263242041; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--fc149a8c-3d46-47f7-b0c2-9764d7291336\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-29\"],\"modified\":\"2020-01-28T02:59:34.735Z\",\"name\":\"mal_url: http://192.168.238.10/emmy/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://192.168.238.10/emmy/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:34.735Z\"}",
 "type": "indicator"
@@ -9836,7 +9642,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400504558Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T02:59:34.772Z\",\"description\":\"TS ID: 55263241981; iType: mal_url; State: active; Org: Hostgator Asian Operations Division.; Source: CyberCrime\",\"id\":\"indicator--167c21ca-7d6b-455c-954a-91a5f036616d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-28T02:59:34.772Z\",\"name\":\"mal_url: http://aivazidis.gq/mad-ooo/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aivazidis.gq/mad-ooo/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:34.772Z\"}",
 "type": "indicator"
@@ -9888,7 +9693,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400505360Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T02:59:39.12Z\",\"description\":\"TS ID: 55263241978; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--8a35f477-32b2-4735-9e85-743115f1e83f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T02:59:39.12Z\",\"name\":\"mal_url: http://samaaj.org.pk/Elvis/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/Elvis/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:39.12Z\"}",
 "type": "indicator"
@@ -9940,7 +9744,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400506284Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T02:59:54.142Z\",\"description\":\"TS ID: 55263242015; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--efcb1909-e772-4001-a96c-97c293baa98d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-01-28T02:59:54.142Z\",\"name\":\"mal_url: http://l3b57852.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l3b57852.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:54.142Z\"}",
 "type": "indicator"
@@ -9991,7 +9794,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400507159Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T02:59:54.166Z\",\"description\":\"TS ID: 55263241966; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--b5c97605-a434-4b73-a655-acc88db57cb7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T02:59:54.166Z\",\"name\":\"mal_url: http://samaaj.org.pk/fk/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/fk/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:54.166Z\"}",
 "type": "indicator"
@@ -10043,7 +9845,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400507885Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T02:59:54.193Z\",\"description\":\"TS ID: 55263241841; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--10690da4-ed16-4fac-bae7-25a1b17db17d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-01-28T02:59:54.193Z\",\"name\":\"mal_url: http://89.160.20.156/34DEF67D-347D-4799-A12D-84D8482E3B54/azorult/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/34DEF67D-347D-4799-A12D-84D8482E3B54/azorult/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:54.193Z\"}",
 "type": "indicator"
@@ -10095,7 +9896,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400508702Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T02:59:54.253Z\",\"description\":\"TS ID: 55263241840; iType: mal_ip; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--dff78d62-6939-4d47-a5b3-0c275a472f7f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-01-28T02:59:54.253Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T02:59:54.253Z\"}",
 "type": "indicator"
@@ -10140,7 +9940,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400509655Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:00:08.397Z\",\"description\":\"TS ID: 55263242037; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--c1f7d2e7-4186-47c6-a29b-cdb9bb524732\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-28T03:00:08.397Z\",\"name\":\"mal_url: http://j1034033.myjino.ru/laskovo/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j1034033.myjino.ru/laskovo/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:08.397Z\"}",
 "type": "indicator"
@@ -10192,7 +9991,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400510526Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:00:08.446Z\",\"description\":\"TS ID: 55263241846; iType: mal_url; State: active; Org: UAB Cherry Servers; Source: CyberCrime\",\"id\":\"indicator--2ffd18da-452a-462b-a264-4c457564de62\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-01-28T03:00:08.446Z\",\"name\":\"mal_url: http://89.160.20.156/xcool!/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/xcool!/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:08.446Z\"}",
 "type": "indicator"
@@ -10244,7 +10042,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400511349Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:00:22.832Z\",\"description\":\"TS ID: 55263242001; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--bdb1bbc0-4cfe-484b-8c99-22ff164e345d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T03:00:22.832Z\",\"name\":\"mal_url: http://samaaj.org.pk/ejima/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/ejima/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:22.832Z\"}",
 "type": "indicator"
@@ -10296,7 +10093,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400512229Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:00:23.929Z\",\"description\":\"TS ID: 55263241843; iType: mal_url; State: active; Org: Saginaw Valley State University; Source: CyberCrime\",\"id\":\"indicator--b708bbd4-d0f4-406e-926e-086fd1bd096e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-01-28T03:00:23.929Z\",\"name\":\"mal_url: http://155.138.222.174/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://155.138.222.174/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:23.929Z\"}",
 "type": "indicator"
@@ -10348,7 +10144,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400513022Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:00:30.838Z\",\"description\":\"TS ID: 55263241974; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--384ff3f4-d643-4b23-ad90-9b4fa7524db8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-01-28T03:00:30.838Z\",\"name\":\"mal_url: http://samaaj.org.pk/emp/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samaaj.org.pk/emp/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:30.838Z\"}",
 "type": "indicator"
@@ -10400,7 +10195,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400513794Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:00:52.335Z\",\"description\":\"TS ID: 55263242016; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--b5e5a709-1001-4905-9019-d69e53b8393d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-28T03:00:52.335Z\",\"name\":\"mal_url: http://minecraft-only.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://minecraft-only.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:00:52.335Z\"}",
 "type": "indicator"
@@ -10451,7 +10245,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400514534Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:01:04.475Z\",\"description\":\"TS ID: 55263242040; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--910b12d0-b553-4219-846e-824ea3be86f8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-01-28T03:01:04.475Z\",\"name\":\"mal_url: http://buythebest.pw/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://buythebest.pw/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:01:04.475Z\"}",
 "type": "indicator"
@@ -10503,7 +10296,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400515375Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:01:04.538Z\",\"description\":\"TS ID: 55263242010; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--6e7ba339-ede0-47fd-a6c9-bd1ffb61fbbf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-28T03:01:04.538Z\",\"name\":\"mal_url: http://smtress.zzz.com.ua/admin/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://smtress.zzz.com.ua/admin/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:01:04.538Z\"}",
 "type": "indicator"
@@ -10555,7 +10347,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400516160Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-28T03:01:31.533Z\",\"description\":\"TS ID: 55263241845; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--1d0c2a7c-ba78-4e9f-ae7a-4ce2988357b1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-01-28T03:01:31.533Z\",\"name\":\"mal_url: http://149.28.199.128/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://149.28.199.128/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-28T03:01:31.533Z\"}",
 "type": "indicator"
@@ -10607,7 +10398,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400516950Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T02:59:29.937Z\",\"description\":\"TS ID: 55266539002; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--b78ae5fd-ee1e-49ab-9519-fb62ba1bb26a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T02:59:29.937Z\",\"name\":\"mal_url: http://ecoorganic.co/Work6/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work6/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T02:59:29.937Z\"}",
 "type": "indicator"
@@ -10659,7 +10449,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400517819Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:00:21.905Z\",\"description\":\"TS ID: 55266539006; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ec4322a7-481b-4787-8df2-e3b3bc0c8b8b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:00:21.905Z\",\"name\":\"mal_url: http://ecoorganic.co/Work2/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work2/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:21.905Z\"}",
 "type": "indicator"
@@ -10711,7 +10500,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400518635Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:00:29.782Z\",\"description\":\"TS ID: 55266539008; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--cc172be8-7e67-489c-8bd8-8e9ffc11a944\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-29T03:00:29.782Z\",\"name\":\"mal_url: http://aikchimhin.com/walterXXXX/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aikchimhin.com/walterXXXX/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:29.782Z\"}",
 "type": "indicator"
@@ -10763,7 +10551,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400519410Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:00:38.132Z\",\"description\":\"TS ID: 55266538988; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--6cb1c4c4-93cb-4ad9-b176-e2a47febafac\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-01-29T03:00:38.132Z\",\"name\":\"mal_url: http://ssgcvb3435fsdgdfg5656sdfgsdfsdf.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ssgcvb3435fsdgdfg5656sdfgsdfsdf.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:38.132Z\"}",
 "type": "indicator"
@@ -10814,7 +10601,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400520201Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:00:38.721Z\",\"description\":\"TS ID: 55266538999; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--42f95e09-bad2-4055-bf72-fd3d1f26a173\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:00:38.721Z\",\"name\":\"mal_url: http://ecoorganic.co/Work8/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work8/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:38.721Z\"}",
 "type": "indicator"
@@ -10866,7 +10652,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400521049Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:00:51.527Z\",\"description\":\"TS ID: 55266539012; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--b9eafbc4-77e3-4b9b-bd34-a15681f0bbec\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-29T03:00:51.527Z\",\"name\":\"mal_url: http://corpcougar.com/me/32/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/me/32/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:00:51.527Z\"}",
 "type": "indicator"
@@ -10918,7 +10703,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400521839Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:01:05.442Z\",\"description\":\"TS ID: 55266539004; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--9a6acfec-ffa7-47c7-8176-7dbaca7b379f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:01:05.442Z\",\"name\":\"mal_url: http://ecoorganic.co/Work4/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work4/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:05.442Z\"}",
 "type": "indicator"
@@ -10970,7 +10754,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400522627Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:01:13.933Z\",\"description\":\"TS ID: 55266539014; iType: mal_ip; State: active; Org: Lir.bg EOOD; Source: CyberCrime\",\"id\":\"indicator--5384d504-8760-4255-8daa-dd156dc302d0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-01-29T03:01:13.933Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:13.933Z\"}",
 "type": "indicator"
@@ -11015,7 +10798,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400523494Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:01:31.192Z\",\"description\":\"TS ID: 55266539003; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--56b347c9-58c9-48d5-a015-2d561d855af2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:01:31.192Z\",\"name\":\"mal_url: http://ecoorganic.co/Work5/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work5/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:31.192Z\"}",
 "type": "indicator"
@@ -11067,7 +10849,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400524336Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:01:37.815Z\",\"description\":\"TS ID: 55266538992; iType: mal_url; State: active; Org: Exa Bytes Network Sdn.Bhd.; Source: CyberCrime\",\"id\":\"indicator--840739fb-44ae-42f0-805f-422b38422325\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-01-29T03:01:37.815Z\",\"name\":\"mal_url: http://rajas.com.my/wp-content/uploads/2015/nux/Panel/lucifer/Panel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rajas.com.my/wp-content/uploads/2015/nux/Panel/lucifer/Panel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:37.815Z\"}",
 "type": "indicator"
@@ -11119,7 +10900,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400525499Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:01:49.96Z\",\"description\":\"TS ID: 55266539011; iType: mal_url; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime\",\"id\":\"indicator--9ab8a69c-5b95-4fd6-b189-11d90ee54834\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-01-29T03:01:49.96Z\",\"name\":\"mal_url: http://rgmechanics.fun/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rgmechanics.fun/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:01:49.96Z\"}",
 "type": "indicator"
@@ -11171,7 +10951,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400526294Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:14.284Z\",\"description\":\"TS ID: 55266539013; iType: mal_url; State: active; Org: Lir.bg EOOD; Source: CyberCrime\",\"id\":\"indicator--96051c6b-3648-43ba-b579-735bd6342ec2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-01-29T03:02:14.284Z\",\"name\":\"mal_url: http://sbsinstitute.co.in/wp-includes/temp/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sbsinstitute.co.in/wp-includes/temp/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:14.284Z\"}",
 "type": "indicator"
@@ -11223,7 +11002,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400527144Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:24.081Z\",\"description\":\"TS ID: 55266539001; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--d76d300b-07b7-4e9b-b7f1-9e6c0def6a6b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:02:24.081Z\",\"name\":\"mal_url: http://ecoorganic.co/Work7/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work7/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:24.081Z\"}",
 "type": "indicator"
@@ -11275,7 +11053,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400527919Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:31.573Z\",\"description\":\"TS ID: 55266539009; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--3c61c714-aab6-46e2-abfd-389628870d7d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-01-29T03:02:31.573Z\",\"name\":\"mal_url: http://v200598.hosted-by-vdsina.ru/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://v200598.hosted-by-vdsina.ru/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:31.573Z\"}",
 "type": "indicator"
@@ -11327,7 +11104,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400528690Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:31.605Z\",\"description\":\"TS ID: 55266539007; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--3c9a39df-b4f3-4529-bfd8-d8b40801e555\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:02:31.605Z\",\"name\":\"mal_url: http://ecoorganic.co/Work1/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work1/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:31.605Z\"}",
 "type": "indicator"
@@ -11379,7 +11155,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400529491Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:41.021Z\",\"description\":\"TS ID: 55266538989; iType: mal_ip; State: active; Org: Telenet Ltd.; Source: CyberCrime\",\"id\":\"indicator--756932e1-687c-41c9-9b55-2a762c8a1ef3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-01-29T03:02:41.021Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:41.021Z\"}",
 "type": "indicator"
@@ -11424,7 +11199,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400530346Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:42.284Z\",\"description\":\"TS ID: 55266539010; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--e34dc439-4789-4d5a-b7dc-471fb473f4a0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-01-29T03:02:42.284Z\",\"name\":\"mal_url: http://v178903.hosted-by-vdsina.ru/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://v178903.hosted-by-vdsina.ru/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:42.284Z\"}",
 "type": "indicator"
@@ -11476,7 +11250,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400531179Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:42.335Z\",\"description\":\"TS ID: 55266538994; iType: mal_url; State: active; Org: Unified Layer; Source: CyberCrime\",\"id\":\"indicator--a30fe926-53b8-43fe-a792-8ecd41071dd7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-29T03:02:42.335Z\",\"name\":\"mal_url: http://tickerqube.com/Loki2020/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tickerqube.com/Loki2020/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:42.335Z\"}",
 "type": "indicator"
@@ -11528,7 +11301,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400531919Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:42.367Z\",\"description\":\"TS ID: 55266538986; iType: mal_url; State: active; Org: Eonix Corporation; Source: CyberCrime\",\"id\":\"indicator--0005f77c-327b-4b69-8046-777efe95361d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-29T03:02:42.367Z\",\"name\":\"mal_url: http://microsoftrenat.site/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://microsoftrenat.site/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:42.367Z\"}",
 "type": "indicator"
@@ -11580,7 +11352,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400532775Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:48.869Z\",\"description\":\"TS ID: 55266539005; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--2ef4b932-5434-49f4-8255-a70de96893d8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-01-29T03:02:48.869Z\",\"name\":\"mal_url: http://ecoorganic.co/Work3/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ecoorganic.co/Work3/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:48.869Z\"}",
 "type": "indicator"
@@ -11632,7 +11403,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400533706Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-29T03:02:48.897Z\",\"description\":\"TS ID: 55266538991; iType: mal_ip; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime\",\"id\":\"indicator--becea156-fb29-4cd3-80b1-55cb739e0b6c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-21\"],\"modified\":\"2020-01-29T03:02:48.897Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-29T03:02:48.897Z\"}",
 "type": "indicator"
@@ -11677,7 +11447,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400534505Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-30T02:58:32.284Z\",\"description\":\"TS ID: 55270319168; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--8da10219-9eb1-4963-8889-587598e511cd\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-01-30T02:58:32.284Z\",\"name\":\"mal_url: http://www.cpadeer.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://www.cpadeer.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-30T02:58:32.284Z\"}",
 "type": "indicator"
@@ -11728,7 +11497,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400535366Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-01-31T02:19:29.045Z\",\"description\":\"TS ID: 55274447486; iType: mal_url; State: active; Org: SingleHop LLC; Source: CyberCrime\",\"id\":\"indicator--093bf827-0d84-4b54-9d62-dffffd0a619b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-01-31T02:19:29.045Z\",\"name\":\"mal_url: http://cleaning-hygiene.com/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://cleaning-hygiene.com/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-31T02:19:29.045Z\"}",
 "type": "indicator"
@@ -11780,7 +11548,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400536194Z", "kind": "enrichment", "original": "{\"created\":\"2020-01-31T02:22:09.726Z\",\"description\":\"TS ID: 55274447484; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--51d4eb13-adf7-4de1-a3f0-106d343ad560\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-01-31T02:22:09.726Z\",\"name\":\"mal_url: http://corpcougar.com/buggy/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/buggy/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-01-31T02:22:09.726Z\"}", "type": "indicator" @@ -11832,7 +11599,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400536980Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:03:02.79Z\",\"description\":\"TS ID: 55277443309; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--a5926161-953c-4763-9d10-0c5e10bcd4e4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:03:02.79Z\",\"name\":\"mal_url: http://marubemi.com/owen/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://marubemi.com/owen/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:03:02.79Z\"}", "type": "indicator" 
@@ -11884,7 +11650,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400537804Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:03:07.047Z\",\"description\":\"TS ID: 55277443409; iType: mal_ip; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--ee4a872e-e53e-428f-86a1-32c4e4db68f6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-28\"],\"modified\":\"2020-02-01T02:03:07.047Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:03:07.047Z\"}", "type": "indicator" @@ -11929,7 +11694,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400538892Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:03:48.038Z\",\"description\":\"TS ID: 55277443373; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--8494f340-0964-47f0-ba09-78fe0b76eb34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:03:48.038Z\",\"name\":\"mal_url: http://zeyadigital.com/etty/black/download/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://zeyadigital.com/etty/black/download/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:03:48.038Z\"}", "type": "indicator" 
@@ -11981,7 +11745,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400539735Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:03:48.079Z\",\"description\":\"TS ID: 55277443242; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--f051e10a-76c9-4f14-9fa3-9dbccc65c26f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:03:48.079Z\",\"name\":\"mal_url: http://farzanatradings.com/maindon/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farzanatradings.com/maindon/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:03:48.079Z\"}", "type": "indicator" @@ -12033,7 +11796,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400540491Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:16.392Z\",\"description\":\"TS ID: 55277443446; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--79c8f52b-f134-4e02-ad7a-6169063c8fba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:04:16.392Z\",\"name\":\"mal_url: http://trouserlanditd.com/draw/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trouserlanditd.com/draw/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:16.392Z\"}", "type": "indicator" 
@@ -12085,7 +11847,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400541345Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:21.636Z\",\"description\":\"TS ID: 55277443452; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--7338fc3d-2a1f-4583-b34d-eb76912a43e6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-01T02:04:21.636Z\",\"name\":\"mal_url: http://krompres.tk/loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://krompres.tk/loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:21.636Z\"}", "type": "indicator" @@ -12137,7 +11898,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400542222Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:21.676Z\",\"description\":\"TS ID: 55277443202; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--1f9e0571-119c-448a-8656-fec49c9c058a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-01T02:04:21.676Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:21.676Z\"}", "type": "indicator" 
@@ -12188,7 +11948,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400542999Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:21.705Z\",\"description\":\"TS ID: 55277443078; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--d1161e31-f661-469c-b206-84e1d416e577\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-02-01T02:04:21.705Z\",\"name\":\"mal_url: http://gosdick.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gosdick.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:21.705Z\"}", "type": "indicator" @@ -12239,7 +11998,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400543793Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:04:21.745Z\",\"description\":\"TS ID: 55277442685; iType: mal_ip; State: active; Org: LLC Baxet; Source: CyberCrime\",\"id\":\"indicator--8f0a9931-5ee4-4b0e-b473-b130d72ef175\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-17\"],\"modified\":\"2020-02-01T02:04:21.745Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:04:21.745Z\"}", "type": "indicator" 
@@ -12284,7 +12042,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400544637Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:05:07.232Z\",\"description\":\"TS ID: 55277443523; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--0068cb9c-0bdf-44a8-9563-5006e0c38921\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-02-01T02:05:07.232Z\",\"name\":\"mal_url: http://everest--sh.com/click/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://everest--sh.com/click/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:05:07.232Z\"}", "type": "indicator" @@ -12336,7 +12093,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400545471Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:05:07.274Z\",\"description\":\"TS ID: 55277442283; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--2dd49cbe-4835-49ea-a29c-b173c0840506\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-01T02:05:07.274Z\",\"name\":\"mal_url: http://89.160.20.156/tspir/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/tspir/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:05:07.274Z\"}", "type": "indicator" 
@@ -12388,7 +12144,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400546253Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:06:07.042Z\",\"description\":\"TS ID: 55277443220; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--b8e709b0-7eb8-4b2b-94f0-e21c4138cf9b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:06:07.042Z\",\"name\":\"mal_url: http://vware.duckdns.org/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://vware.duckdns.org/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:07.042Z\"}", "type": "indicator" @@ -12440,7 +12195,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400547390Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:06:15.505Z\",\"description\":\"TS ID: 55277443605; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--10e62d11-dbc5-4d39-badf-574aaab2d0f5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-01T02:06:15.505Z\",\"name\":\"mal_url: http://cokhiquangbien.com/.jx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://cokhiquangbien.com/.jx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:15.505Z\"}", "type": "indicator" 
@@ -12492,7 +12246,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400548172Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:06:15.674Z\",\"description\":\"TS ID: 55277443276; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--a84ddb39-c02c-44cc-bac3-0056c279454c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:06:15.674Z\",\"name\":\"mal_url: http://corpcougar.com/nedu/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/nedu/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:15.674Z\"}", "type": "indicator" @@ -12544,7 +12297,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400548964Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:06:38.684Z\",\"description\":\"TS ID: 55277443190; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--f667d2dd-f6df-4aa4-bd7b-8b7f3e98fa0a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-01T02:06:38.684Z\",\"name\":\"mal_url: http://bubble2.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bubble2.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:38.684Z\"}", "type": "indicator" 
@@ -12595,7 +12347,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400549820Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:06:38.733Z\",\"description\":\"TS ID: 55277442690; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--a81a2408-b11b-4b28-a5b6-ffec11942d62\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-32\"],\"modified\":\"2020-02-01T02:06:38.733Z\",\"name\":\"mal_url: http://144.202.96.212/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://144.202.96.212/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:38.733Z\"}", "type": "indicator" @@ -12647,7 +12398,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400550609Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:06:49.292Z\",\"description\":\"TS ID: 55277443216; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--4a414cbe-3e02-48b9-84fb-103ed9961e6c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-01T02:06:49.292Z\",\"name\":\"mal_url: http://papafrog.beget.tech/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://papafrog.beget.tech/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:06:49.292Z\"}", "type": "indicator" 
@@ -12699,7 +12449,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400551387Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:07:27.633Z\",\"description\":\"TS ID: 55277443028; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--27f66dbf-4ce9-4616-aef1-c6ab9f224ecb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:07:27.633Z\",\"name\":\"mal_url: http://t917659s.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://t917659s.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:07:27.633Z\"}", "type": "indicator" @@ -12750,7 +12499,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400552168Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:07:36.513Z\",\"description\":\"TS ID: 55277443145; iType: mal_url; State: active; Org: Host Europe GmbH; Source: CyberCrime\",\"id\":\"indicator--4cd504ee-3b5e-439f-b37d-3e932b200a55\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-01T02:07:36.513Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:07:36.513Z\"}", "type": "indicator" 
@@ -12801,7 +12549,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400553018Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:08:09.833Z\",\"description\":\"TS ID: 55277443560; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--7d803ca2-4e7d-414e-9693-854d08c49bb6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-01T02:08:09.833Z\",\"name\":\"mal_url: http://drop-box.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://drop-box.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:09.833Z\"}", "type": "indicator" @@ -12853,7 +12600,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400553818Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:08:09.939Z\",\"description\":\"TS ID: 55277442673; iType: mal_url; State: active; Org: Mir Telematiki Ltd; Source: CyberCrime\",\"id\":\"indicator--7cbc0a23-df38-4526-84b1-b344948f0b72\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-63\"],\"modified\":\"2020-02-01T02:08:09.939Z\",\"name\":\"mal_url: http://89.160.20.156/xcool!/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/xcool!/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:09.939Z\"}", "type": "indicator" 
@@ -12905,7 +12651,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400554799Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:08:31.777Z\",\"description\":\"TS ID: 55277443138; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--9530c9fb-99b6-40af-b14a-a622cff510b1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-01T02:08:31.777Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:31.777Z\"}", "type": "indicator" @@ -12950,7 +12695,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400555595Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:08:31.818Z\",\"description\":\"TS ID: 55277442273; iType: mal_ip; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--6955fd8f-b856-43aa-bac7-0d5a2d8519f2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:08:31.818Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:31.818Z\"}", "type": "indicator" 
@@ -12995,7 +12739,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400556437Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:08:42.76Z\",\"description\":\"TS ID: 55277443599; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--4c8f8d86-da50-48bb-a41b-8a002561315a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-01T02:08:42.76Z\",\"name\":\"mal_url: http://digi-sec.top/lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://digi-sec.top/lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:08:42.76Z\"}", "type": "indicator" @@ -13047,7 +12790,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400557268Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:09:05.295Z\",\"description\":\"TS ID: 55277443514; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--3639e6da-8159-4dd6-b928-b8189c29159f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-02-01T02:09:05.295Z\",\"name\":\"mal_url: http://everest--sh.com/cola/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://everest--sh.com/cola/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:09:05.295Z\"}", "type": "indicator" 
@@ -13099,7 +12841,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400558060Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:09:13.398Z\",\"description\":\"TS ID: 55277443134; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--7d4bf98b-8fc2-427c-a08b-f432e43c1110\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-01T02:09:13.398Z\",\"name\":\"mal_url: http://moonberry.pk/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://moonberry.pk/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:09:13.398Z\"}", "type": "indicator" @@ -13150,7 +12891,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400558915Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:09:49.804Z\",\"description\":\"TS ID: 55277442688; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--0f2bf75c-d534-48e9-a25f-940cc5f673ed\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-01T02:09:49.804Z\",\"name\":\"mal_url: http://207.246.67.4/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://207.246.67.4/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:09:49.804Z\"}", "type": "indicator" 
@@ -13202,7 +12942,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400559726Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:09:56.524Z\",\"description\":\"TS ID: 55277443239; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--0cdef192-7b00-48b1-b8d4-a9642e37d630\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:09:56.524Z\",\"name\":\"mal_url: http://farzanatradings.com/odogwu/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farzanatradings.com/odogwu/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:09:56.524Z\"}", "type": "indicator" @@ -13254,7 +12993,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400560509Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:10:00.889Z\",\"description\":\"TS ID: 55277443489; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--e409b749-d733-4b69-83cf-4df74ac8fd2b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:10:00.889Z\",\"name\":\"mal_url: http://gpi-q.com/clean/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/clean/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:00.889Z\"}", "type": "indicator" 
@@ -13306,7 +13044,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400561303Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:10:04.196Z\",\"description\":\"TS ID: 55277443402; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime\",\"id\":\"indicator--347a1f39-78c4-4f71-b125-decaba2489b4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:10:04.196Z\",\"name\":\"mal_url: http://trouserlanditd.com/drug/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trouserlanditd.com/drug/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:04.196Z\"}", "type": "indicator" @@ -13358,7 +13095,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400562346Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:10:04.234Z\",\"description\":\"TS ID: 55277443231; iType: mal_url; State: active; Org: Fornex Hosting S.L.; Source: CyberCrime\",\"id\":\"indicator--acd84a21-6112-4bbb-9132-fa50a9b7b07c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-01T02:10:04.234Z\",\"name\":\"mal_url: http://nextbridge.info/god/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nextbridge.info/god/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:04.234Z\"}", "type": "indicator" 
@@ -13410,7 +13146,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400563074Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:10:18.897Z\",\"description\":\"TS ID: 55277442692; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--d2990eea-f233-4296-b7ea-dc78ad48f1a3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-01T02:10:18.897Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:18.897Z\"}", "type": "indicator" @@ -13462,7 +13197,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400563902Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:10:19.383Z\",\"description\":\"TS ID: 55277443285; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--ca6a96b9-60e6-429f-9223-7009c1a5e164\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:10:19.383Z\",\"name\":\"mal_url: http://corpcougar.com/collins/32/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/collins/32/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:19.383Z\"}", "type": "indicator" 
@@ -13514,7 +13248,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400564742Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:10:19.417Z\",\"description\":\"TS ID: 55277443195; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--1339e0b5-4398-4de4-9175-e685b6d0f5a4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-01T02:10:19.417Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:19.417Z\"}", "type": "indicator" @@ -13559,7 +13292,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400565532Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:10:39.062Z\",\"description\":\"TS ID: 55277443225; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--5a37e909-b130-4f49-b1d5-f4645a9d4c21\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-01T02:10:39.062Z\",\"name\":\"mal_url: http://pom4ekk.myjino.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pom4ekk.myjino.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:39.062Z\"}", "type": "indicator" 
@@ -13611,7 +13343,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400566328Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:10:42.316Z\",\"description\":\"TS ID: 55277443198; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--9c6caf78-5bcd-4f6f-bc0f-d094a027a811\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-02-01T02:10:42.316Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:10:42.316Z\"}", "type": "indicator" @@ -13662,7 +13393,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400567109Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:11:07.132Z\",\"description\":\"TS ID: 55277443508; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--d5f6e0de-d0bb-48f9-931d-5f4fd725a712\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:11:07.132Z\",\"name\":\"mal_url: http://gpi-q.com/clap/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:07.132Z\"}", "type": "indicator" 
@@ -13714,7 +13444,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400568032Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:11:07.159Z\",\"description\":\"TS ID: 55277443305; iType: mal_url; State: active; Org: LLC Baxet; Source: CyberCrime\",\"id\":\"indicator--d2ef46a3-6df2-4cc9-bb15-886dc24d41e5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-01T02:11:07.159Z\",\"name\":\"mal_url: http://betprognoz.pro/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://betprognoz.pro/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:07.159Z\"}", "type": "indicator" @@ -13766,7 +13495,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400568777Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:11:33.332Z\",\"description\":\"TS ID: 55277443141; iType: mal_url; State: active; Org: Host Sailor Ltd.; Source: CyberCrime\",\"id\":\"indicator--6c50f1f6-c27a-4484-ac53-728654ba2db3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:11:33.332Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:33.332Z\"}", "type": "indicator" 
@@ -13817,7 +13545,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400569587Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:11:40.48Z\",\"description\":\"TS ID: 55277443247; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--ede31398-e157-401a-9362-127f5c5983ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-01T02:11:40.48Z\",\"name\":\"mal_url: http://farzanatradings.com/fakedon/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farzanatradings.com/fakedon/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:40.48Z\"}", "type": "indicator" @@ -13869,7 +13596,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400570431Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-01T02:11:41.88Z\",\"description\":\"TS ID: 55277443064; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--297cf29f-42ad-44ac-9f04-5156899d5ce9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-01T02:11:41.88Z\",\"name\":\"mal_url: http://q74722vp.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://q74722vp.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-01T02:11:41.88Z\"}", "type": "indicator" 
@@ -13920,7 +13646,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400571312Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:18.343Z\",\"description\":\"TS ID: 55280666668; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--194d8979-3fb6-4ebb-b7b1-d4758be6b32a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-02T01:57:18.343Z\",\"name\":\"mal_url: http://sino-spriulina.com/demo1/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sino-spriulina.com/demo1/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:18.343Z\"}", "type": "indicator" @@ -13972,7 +13697,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400572444Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:18.366Z\",\"description\":\"TS ID: 55280666642; iType: mal_url; State: active; Org: State Research Center of the Russian Federation; Source: CyberCrime\",\"id\":\"indicator--7470705a-310f-4fe9-9c2f-02b5eac2ff94\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-02T01:57:18.366Z\",\"name\":\"mal_url: http://gpi-q.com/craks/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/craks/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:18.366Z\"}", "type": "indicator" 
@@ -14024,7 +13748,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400573233Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:18.451Z\",\"description\":\"TS ID: 55280666607; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--20860e18-16e7-4a9a-a485-7588aaee909b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-02T01:57:18.451Z\",\"name\":\"mal_url: http://calmingvapors.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://calmingvapors.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:18.451Z\"}", "type": "indicator" @@ -14075,7 +13798,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400574071Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:18.605Z\",\"description\":\"TS ID: 55280666626; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--6d90d2cb-9fc8-43a4-b4c0-d9ab027f2268\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-02T01:57:18.605Z\",\"name\":\"mal_url: http://tonitrus.pw/3AX3AsO58eVAwtrm/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tonitrus.pw/3AX3AsO58eVAwtrm/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:18.605Z\"}", "type": "indicator" 
@@ -14127,7 +13849,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400574894Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:19.047Z\",\"description\":\"TS ID: 55280666671; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--ffc26af5-40e7-4157-9d15-cf6048ef86a4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-02T01:57:19.047Z\",\"name\":\"mal_url: http://sino-spriulina.com/demo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sino-spriulina.com/demo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:19.047Z\"}", "type": "indicator" @@ -14179,7 +13900,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400575697Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:19.068Z\",\"description\":\"TS ID: 55280666596; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--5c4cfe56-5fda-4c2b-9b8c-3d384988c3ac\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-02T01:57:19.068Z\",\"name\":\"mal_url: http://f0392879.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0392879.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:19.068Z\"}", "type": "indicator" 
@@ -14230,7 +13950,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400576557Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:25.701Z\",\"description\":\"TS ID: 55280666633; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--8fdc4cfc-1312-4f6c-99ce-3a0a582a07d3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-02-02T01:57:25.701Z\",\"name\":\"mal_url: http://expertisem.net/agutaz/direct/pushin/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://expertisem.net/agutaz/direct/pushin/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:25.701Z\"}", "type": "indicator" @@ -14282,7 +14001,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400577401Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:25.838Z\",\"description\":\"TS ID: 55280666656; iType: mal_url; State: active; Org: State Research Center of the Russian Federation; Source: CyberCrime\",\"id\":\"indicator--9d8a164e-4f04-4ad2-a1a5-9c4dea319b97\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-02T01:57:25.838Z\",\"name\":\"mal_url: http://gpi-q.com/copy/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/copy/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:25.838Z\"}", "type": "indicator" 
@@ -14334,7 +14052,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400578477Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:29.827Z\",\"description\":\"TS ID: 55280666597; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--001b0157-c446-40fd-8e01-136a2cab433f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-02-02T01:57:29.827Z\",\"name\":\"mal_url: http://f0391832.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391832.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:29.827Z\"}", "type": "indicator" @@ -14385,7 +14102,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400579225Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:57:48.75Z\",\"description\":\"TS ID: 55280666598; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--4c7c0429-b6f8-4376-8d84-18d68d212b34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-02-02T01:57:48.75Z\",\"name\":\"mal_url: http://f0391281.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391281.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:57:48.75Z\"}", "type": "indicator" 
@@ -14436,7 +14152,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400580083Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:58:23.948Z\",\"description\":\"TS ID: 55280666593; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--4eeed5f1-092b-4a3f-8c54-f5eb87b5a19c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-02T01:58:23.948Z\",\"name\":\"mal_url: http://f0393735.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0393735.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:58:23.948Z\"}", "type": "indicator" @@ -14487,7 +14202,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400580867Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:58:44.041Z\",\"description\":\"TS ID: 55280666689; iType: mal_url; State: active; Org: Hostinger International Limited; Source: CyberCrime\",\"id\":\"indicator--c253cabd-5a52-4b5f-a53f-94ca58ee3f60\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-02T01:58:44.041Z\",\"name\":\"mal_url: http://gerawest.xyz/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gerawest.xyz/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:58:44.041Z\"}", "type": "indicator" 
@@ -14539,7 +14253,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400581652Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:58:54.099Z\",\"description\":\"TS ID: 55280666701; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--0bb2320f-9a03-4375-ad2a-10b5d3c41b36\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-02-02T01:58:54.099Z\",\"name\":\"mal_url: http://f0387404.xsph.ru/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387404.xsph.ru/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:58:54.099Z\"}", "type": "indicator" @@ -14590,7 +14303,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400582511Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:59:11.446Z\",\"description\":\"TS ID: 55280666697; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--f6198f5d-4056-4b4f-8ab7-d9b82ec4878b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-02T01:59:11.446Z\",\"name\":\"mal_url: http://j1040794.myjino.ru/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j1040794.myjino.ru/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:59:11.446Z\"}", "type": "indicator" 
@@ -14641,7 +14353,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400583342Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T01:59:24.665Z\",\"description\":\"TS ID: 55280666589; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--60d7cde7-6852-4295-8399-81b21cc74d7a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-02-02T01:59:24.665Z\",\"name\":\"mal_url: http://f0395171.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0395171.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T01:59:24.665Z\"}", "type": "indicator" @@ -14692,7 +14403,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400584119Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:11.839Z\",\"description\":\"TS ID: 55280666629; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--f31af3ce-1dfe-4846-8f78-cc0f5e73dd2f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-02T02:00:11.839Z\",\"name\":\"mal_url: http://89.160.20.156/yvE9cDkW1l7pXwt5/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/yvE9cDkW1l7pXwt5/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:11.839Z\"}", "type": "indicator" 
@@ -14744,7 +14454,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400584908Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:15.667Z\",\"description\":\"TS ID: 55280666662; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--f6bd5b3a-7b17-4b33-a487-1d47f9ffa62b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-02-02T02:00:15.667Z\",\"name\":\"mal_url: http://nortonlilly.info/boss/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/boss/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:15.667Z\"}", "type": "indicator" @@ -14796,7 +14505,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400585707Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:31.866Z\",\"description\":\"TS ID: 55280666667; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--bc1481fa-a858-4a87-9ef6-8844ace2dbed\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-02T02:00:31.866Z\",\"name\":\"mal_url: http://ildar-mael-ru.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ildar-mael-ru.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:31.866Z\"}", "type": "indicator" 
@@ -14847,7 +14555,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400586626Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:31.895Z\",\"description\":\"TS ID: 55280666659; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--e441cd63-5660-465f-a299-b035d8276ff6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-02T02:00:31.895Z\",\"name\":\"mal_url: http://butland.cf/sabali/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://butland.cf/sabali/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:31.895Z\"}", "type": "indicator" @@ -14899,7 +14606,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400587369Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:38.587Z\",\"description\":\"TS ID: 55280666644; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--f83c3853-4de3-4139-8076-a598265f453c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-54\"],\"modified\":\"2020-02-02T02:00:38.587Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:38.587Z\"}", "type": "indicator" 
@@ -14944,7 +14650,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400588216Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:38.657Z\",\"description\":\"TS ID: 55280666595; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--374e400c-0db7-4e0d-b533-5b6653178da0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-02T02:00:38.657Z\",\"name\":\"mal_url: http://f0393257.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0393257.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:38.657Z\"}", "type": "indicator" @@ -14995,7 +14700,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400589005Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:00:44.275Z\",\"description\":\"TS ID: 55280666609; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--6a115b32-72cb-4397-9550-28bd809ff522\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-02T02:00:44.275Z\",\"name\":\"mal_url: http://amotach-cn.com/DOTNETXXX/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://amotach-cn.com/DOTNETXXX/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:00:44.275Z\"}", "type": "indicator" 
@@ -15047,7 +14751,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400589743Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:01:03.981Z\",\"description\":\"TS ID: 55280666694; iType: mal_ip; State: active; Org: Hostinger International Limited; Source: CyberCrime\",\"id\":\"indicator--7c6e0ed1-51a4-460c-a69a-75ce73db8961\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-02T02:01:03.981Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:01:03.981Z\"}", "type": "indicator" @@ -15092,7 +14795,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400590537Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-02T02:01:09.238Z\",\"description\":\"TS ID: 55280666627; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--c5225c57-2cfd-4cd4-873a-068d5577959e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-02T02:01:09.238Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-02T02:01:09.238Z\"}", "type": "indicator" 
@@ -15137,7 +14839,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400591370Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:56:22.888Z\",\"description\":\"TS ID: 55283402087; iType: mal_ip; State: active; Org: Com Telecom; Source: CyberCrime\",\"id\":\"indicator--30cc7535-c071-4164-89a2-f9fe308cbe2c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-03T01:56:22.888Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:56:22.888Z\"}", "type": "indicator" @@ -15182,7 +14883,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400592103Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:56:30.815Z\",\"description\":\"TS ID: 55283402093; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--16fe8840-e1d7-4e71-acd8-d727ed7baa09\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-03T01:56:30.815Z\",\"name\":\"mal_url: http://mine.kommanditgesel.icu/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mine.kommanditgesel.icu/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:56:30.815Z\"}", "type": "indicator" 
@@ -15233,7 +14933,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400592853Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:56:31.691Z\",\"description\":\"TS ID: 55283402090; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--c091ca15-bd83-4318-b0f0-1c322baa7a7a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-03T01:56:31.691Z\",\"name\":\"mal_url: http://soapstampingmachines.com/slider/data1/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://soapstampingmachines.com/slider/data1/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:56:31.691Z\"}", "type": "indicator" @@ -15285,7 +14984,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400593934Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:56:34.945Z\",\"description\":\"TS ID: 55283402094; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--d68559f0-f20c-40bb-ab62-c2f80c83c80f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-03T01:56:34.945Z\",\"name\":\"mal_url: http://jino-stell-jino.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jino-stell-jino.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:56:34.945Z\"}", "type": "indicator" 
@@ -15336,7 +15034,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400594758Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:57:32.61Z\",\"description\":\"TS ID: 55283402104; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--ba8f8e26-04b9-460b-b1f4-cf0b2d85db94\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-03T01:57:32.61Z\",\"name\":\"mal_url: http://89.160.20.156/auth.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/auth.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:57:32.61Z\"}", "type": "indicator" @@ -15388,7 +15085,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400595551Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:57:46.702Z\",\"description\":\"TS ID: 55283402092; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--571838b6-5834-4cb9-a1eb-34f535483f4f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-56\"],\"modified\":\"2020-02-03T01:57:46.702Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:57:46.702Z\"}", "type": "indicator" 
@@ -15433,7 +15129,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400596326Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:58:15.744Z\",\"description\":\"TS ID: 55283402101; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime\",\"id\":\"indicator--336d902d-e5d8-48c1-87be-c4f506274d34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-03T01:58:15.744Z\",\"name\":\"mal_url: http://hypercleaner.su/auth.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://hypercleaner.su/auth.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:58:15.744Z\"}", "type": "indicator" @@ -15485,7 +15180,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400597138Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:58:28.73Z\",\"description\":\"TS ID: 55283402095; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--cae5efb7-ff91-4a8d-bf28-21ffff0e4994\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-03T01:58:28.73Z\",\"name\":\"mal_url: http://pnny.kommanditgesel.icu/news/plast/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pnny.kommanditgesel.icu/news/plast/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:58:28.73Z\"}", "type": "indicator" 
@@ -15537,7 +15231,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400597958Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:18.132Z\",\"description\":\"TS ID: 55283402096; iType: mal_url; State: active; Org: PT Master Web Network; Source: CyberCrime\",\"id\":\"indicator--1644ebf0-46d0-4dcc-8e04-3a58376cc625\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-02-03T01:59:18.132Z\",\"name\":\"mal_url: http://pa-buol.go.id/wp/panelnew/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pa-buol.go.id/wp/panelnew/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:18.132Z\"}", "type": "indicator" @@ -15589,7 +15282,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400598733Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:28.343Z\",\"description\":\"TS ID: 55283402103; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--a6588ee7-309e-49de-9884-faa2bdd702d2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-02-03T01:59:28.343Z\",\"name\":\"mal_url: http://89.160.20.156/auth.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/auth.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:28.343Z\"}", "type": "indicator" 
@@ -15641,7 +15333,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400599524Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:33.587Z\",\"description\":\"TS ID: 55283402100; iType: mal_url; State: active; Org: Com Telecom; Source: CyberCrime\",\"id\":\"indicator--8d5e44f6-7283-40f8-b9b3-2c4791832c4e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-03T01:59:33.587Z\",\"name\":\"mal_url: http://anorelier.hk/fshblfn8071/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://anorelier.hk/fshblfn8071/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:33.587Z\"}", "type": "indicator" @@ -15693,7 +15384,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400600369Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:54.52Z\",\"description\":\"TS ID: 55283402099; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--f33dd90a-b849-42af-9bcb-f60476358305\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-03T01:59:54.52Z\",\"name\":\"mal_url: http://bendetta.online/mangooste/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bendetta.online/mangooste/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:54.52Z\"}", "type": "indicator" 
@@ -15745,7 +15435,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400601149Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-03T01:59:54.544Z\",\"description\":\"TS ID: 55283402097; iType: mal_url; State: active; Org: Relink LTD; Source: CyberCrime\",\"id\":\"indicator--27f2f598-95d6-4e35-a42e-240093d4452d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-03T01:59:54.544Z\",\"name\":\"mal_url: http://kayfundz.ru/kay/eng/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kayfundz.ru/kay/eng/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-03T01:59:54.544Z\"}", "type": "indicator" @@ -15797,7 +15486,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400601934Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:09.73Z\",\"description\":\"TS ID: 55287965572; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--65a8989b-25c3-498e-8247-0514d5aa719e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-02-05T01:58:09.73Z\",\"name\":\"mal_url: http://unrrwa.org/rich/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://unrrwa.org/rich/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:09.73Z\"}", "type": "indicator" 
@@ -15849,7 +15537,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400602727Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:17.365Z\",\"description\":\"TS ID: 55287965584; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--e531a668-ef25-4b16-aa50-1b0b8f0f901e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-05T01:58:17.365Z\",\"name\":\"mal_url: http://89.160.20.156/hoist3/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/hoist3/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:17.365Z\"}", "type": "indicator" @@ -15901,7 +15588,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400603707Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:17.428Z\",\"description\":\"TS ID: 55287965574; iType: mal_ip; State: active; Org: LLC Baxet; Source: CyberCrime\",\"id\":\"indicator--7aed3145-aab6-470d-bb4f-592d86654719\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-66\"],\"modified\":\"2020-02-05T01:58:17.428Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:17.428Z\"}", "type": "indicator" 
@@ -15946,7 +15632,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400604555Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:31.683Z\",\"description\":\"TS ID: 55287965571; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--af8e5326-c1d4-4f9e-8f47-ee23c6a2606a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-05T01:58:31.683Z\",\"name\":\"mal_url: http://xigkxc.xyz/Atoz/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xigkxc.xyz/Atoz/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:31.683Z\"}", "type": "indicator" @@ -15998,7 +15683,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400605295Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:31.704Z\",\"description\":\"TS ID: 55287965557; iType: mal_url; State: active; Org: 1\u00261 Internet AG; Source: CyberCrime\",\"id\":\"indicator--59c28566-62b0-4102-ad17-53ec3a143144\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-05T01:58:31.704Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:31.704Z\"}", "type": "indicator" 
@@ -16050,7 +15734,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400606065Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:32.111Z\",\"description\":\"TS ID: 55287965585; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--56524b03-3217-40a0-9180-dc8262b3b6f9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-05T01:58:32.111Z\",\"name\":\"mal_url: http://89.160.20.156/Silkop/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/Silkop/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:32.111Z\"}", "type": "indicator" @@ -16102,7 +15785,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400606891Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:32.145Z\",\"description\":\"TS ID: 55287965577; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--69661075-e6cb-4054-820c-61954757f0ba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-05T01:58:32.145Z\",\"name\":\"mal_url: http://plosss.com/lok/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://plosss.com/lok/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:32.145Z\"}", "type": "indicator" 
@@ -16154,7 +15836,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400607678Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:34.795Z\",\"description\":\"TS ID: 55287965581; iType: mal_url; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime\",\"id\":\"indicator--5be6be50-c2ef-4502-857e-f69dd17d37a9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-05T01:58:34.795Z\",\"name\":\"mal_url: http://everest--sh.com/coco/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://everest--sh.com/coco/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:34.795Z\"}", "type": "indicator" @@ -16206,7 +15887,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400608532Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:34.836Z\",\"description\":\"TS ID: 55287965567; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--7de3f68d-51ed-43c0-b5d9-c63d621aa99f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-05T01:58:34.836Z\",\"name\":\"mal_url: http://domainmanagerz.net/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://domainmanagerz.net/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:34.836Z\"}", "type": "indicator" 
@@ -16257,7 +15937,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400609308Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:41.381Z\",\"description\":\"TS ID: 55287965564; iType: mal_url; State: active; Org: A2 Hosting; Source: CyberCrime\",\"id\":\"indicator--08ec347d-3d22-45e6-96fc-3fc3bb37c720\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-05T01:58:41.381Z\",\"name\":\"mal_url: http://groupbizconsulting.com/p3/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://groupbizconsulting.com/p3/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:41.381Z\"}", "type": "indicator" @@ -16309,7 +15988,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400610138Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:58:59.279Z\",\"description\":\"TS ID: 55287965569; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--b845a78e-d141-455e-92ff-df401787a3cd\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-05T01:58:59.279Z\",\"name\":\"mal_url: http://samundarmarine.com/denty/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://samundarmarine.com/denty/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:58:59.279Z\"}", "type": "indicator" 
@@ -16361,7 +16039,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400610912Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:03.426Z\",\"description\":\"TS ID: 55287965563; iType: mal_url; State: active; Org: A2 Hosting; Source: CyberCrime\",\"id\":\"indicator--e9d4f82a-bc23-4f9a-81e0-05097acc6daa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-05T01:59:03.426Z\",\"name\":\"mal_url: http://groupbizconsulting.com/p4/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://groupbizconsulting.com/p4/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:03.426Z\"}", "type": "indicator" @@ -16413,7 +16090,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400611790Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:04.695Z\",\"description\":\"TS ID: 55287965555; iType: mal_ip; State: active; Org: Hetzner Online GmbH; Source: CyberCrime\",\"id\":\"indicator--57e76166-d475-4027-b2d9-b4910c5b0747\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-32\"],\"modified\":\"2020-02-05T01:59:04.695Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:04.695Z\"}", "type": "indicator" 
@@ -16458,7 +16134,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400612565Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:06.271Z\",\"description\":\"TS ID: 55287965580; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--63fdc395-3d7f-4435-a7ea-2c26783ea7b9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-05T01:59:06.271Z\",\"name\":\"mal_url: http://gpi-q.com/cake/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/cake/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:06.271Z\"}", "type": "indicator" @@ -16510,7 +16185,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400613306Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:24.611Z\",\"description\":\"TS ID: 55287965562; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--9ed89f91-5df1-4cad-b6e7-9d275759d32e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-05T01:59:24.611Z\",\"name\":\"mal_url: http://ipblasta.com/kmaker/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ipblasta.com/kmaker/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:24.611Z\"}", "type": "indicator" 
@@ -16562,7 +16236,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400614084Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:31.341Z\",\"description\":\"TS ID: 55287965559; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime\",\"id\":\"indicator--421221e0-b0c7-4bbe-a12c-412f689f4769\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-02-05T01:59:31.341Z\",\"name\":\"mal_url: http://softtouchcollars.com/origin/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://softtouchcollars.com/origin/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:31.341Z\"}", "type": "indicator" @@ -16614,7 +16287,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400614923Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:47.461Z\",\"description\":\"TS ID: 55287965566; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--369ccb92-5a3b-41cf-853f-dac750e7a9d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-21\"],\"modified\":\"2020-02-05T01:59:47.461Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:47.461Z\"}", "type": "indicator" 
@@ -16659,7 +16331,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400615731Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T01:59:47.506Z\",\"description\":\"TS ID: 55287965561; iType: mal_ip; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--5fb846be-33fa-4bcb-ac9f-ad6a31e4daef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-05T01:59:47.506Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T01:59:47.506Z\"}", "type": "indicator" @@ -16704,7 +16375,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400616522Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:16.19Z\",\"description\":\"TS ID: 55287965578; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--1a4e59e6-28dd-4087-9a19-b5d274d484d5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-96\"],\"modified\":\"2020-02-05T02:00:16.19Z\",\"name\":\"mal_url: http://mikeservers.eu/kings/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mikeservers.eu/kings/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:16.19Z\"}", "type": "indicator" 
@@ -16756,7 +16426,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400617380Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:23.009Z\",\"description\":\"TS ID: 55287965575; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--aef5784f-1ba2-4f45-9345-9b96bffe3cfd\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-02-05T02:00:23.009Z\",\"name\":\"mal_url: http://printystore.com.pe/img/lop/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://printystore.com.pe/img/lop/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:23.009Z\"}", "type": "indicator" @@ -16808,7 +16477,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400618182Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:29.679Z\",\"description\":\"TS ID: 55287965579; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--5fbeda08-8cf4-459a-873c-28cef82221b5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-05T02:00:29.679Z\",\"name\":\"mal_url: http://kdi-kongsberg.com/stan/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kdi-kongsberg.com/stan/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:29.679Z\"}", "type": "indicator" 
@@ -16860,7 +16528,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400619422Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:52.297Z\",\"description\":\"TS ID: 55287965570; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--b4e748c7-0beb-4b0f-a234-938ad9a6b884\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-05T02:00:52.297Z\",\"name\":\"mal_url: http://futuracosmetic.com/frank/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://futuracosmetic.com/frank/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:52.297Z\"}", "type": "indicator" @@ -16912,7 +16579,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400620485Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:57.141Z\",\"description\":\"TS ID: 55287965588; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--320c2f41-7546-4aa7-afef-5188df844448\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-05T02:00:57.141Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/tel/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/tel/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:57.141Z\"}", "type": "indicator" 
@@ -16964,7 +16630,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400621364Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:57.172Z\",\"description\":\"TS ID: 55287965586; iType: mal_url; State: active; Org: Hetzner Online GmbH; Source: CyberCrime\",\"id\":\"indicator--18a1307c-2dfc-43f9-9e47-93d00c63efcc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-02-05T02:00:57.172Z\",\"name\":\"mal_url: http://video-ld.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://video-ld.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:57.172Z\"}", "type": "indicator" @@ -17016,7 +16681,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400622158Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:00:57.733Z\",\"description\":\"TS ID: 55287965560; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--1e94e26d-5158-4519-b166-2b7e87c2e5de\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-05T02:00:57.733Z\",\"name\":\"mal_url: http://nortonlilly.info/emma/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/emma/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:00:57.733Z\"}", "type": "indicator" 
@@ -17068,7 +16732,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400622994Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:03.604Z\",\"description\":\"TS ID: 55287965573; iType: mal_url; State: active; Org: Relink LTD; Source: CyberCrime\",\"id\":\"indicator--e396f12a-867b-4e91-8796-d042aef55ce3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-05T02:01:03.604Z\",\"name\":\"mal_url: http://trouserlanditd.com/didi/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trouserlanditd.com/didi/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:03.604Z\"}", "type": "indicator" @@ -17120,7 +16783,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400623856Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:16.051Z\",\"description\":\"TS ID: 55287965589; iType: mal_ip; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--5b35dbd2-4915-4c56-9213-7d5272715cb7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-05T02:01:16.051Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:16.051Z\"}", "type": "indicator" 
@@ -17165,7 +16827,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400624683Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:18.261Z\",\"description\":\"TS ID: 55287965582; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--8dff68c1-1114-4092-9f29-f655f27d2337\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-60\"],\"modified\":\"2020-02-05T02:01:18.261Z\",\"name\":\"mal_url: http://espoirpharmaceutical.com/includes/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://espoirpharmaceutical.com/includes/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:18.261Z\"}", "type": "indicator" @@ -17217,7 +16878,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400625449Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:18.285Z\",\"description\":\"TS ID: 55287965565; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--19636e7d-febc-4ae1-879a-28af129c19b3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-60\"],\"modified\":\"2020-02-05T02:01:18.285Z\",\"name\":\"mal_url: http://credoaz.com/journals/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://credoaz.com/journals/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:18.285Z\"}", "type": "indicator" 
@@ -17269,7 +16929,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400626241Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-05T02:01:21.73Z\",\"description\":\"TS ID: 55287965587; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--593225c7-68c8-44db-82bf-2c550931a60c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-05T02:01:21.73Z\",\"name\":\"mal_url: http://bestlogs.myjino.ru/best/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bestlogs.myjino.ru/best/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-05T02:01:21.73Z\"}", "type": "indicator" @@ -17321,7 +16980,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400627455Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:08.953Z\",\"description\":\"TS ID: 55290730789; iType: mal_url; State: active; Org: TimeWeb Ltd.; Source: CyberCrime\",\"id\":\"indicator--782e9560-3f13-43eb-9720-e5b43d9a8dd9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-06T02:10:08.953Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:08.953Z\"}", "type": "indicator" 
@@ -17372,7 +17030,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400628233Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:15.947Z\",\"description\":\"TS ID: 55290730799; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--9586420f-3737-47b6-8d58-526f629d66e2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-06T02:10:15.947Z\",\"name\":\"mal_url: http://justwer.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://justwer.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:15.947Z\"}", "type": "indicator" @@ -17423,7 +17080,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400628998Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:15.988Z\",\"description\":\"TS ID: 55290730784; iType: mal_ip; State: active; Org: InMotion Hosting; Source: CyberCrime\",\"id\":\"indicator--4d0f3370-af7d-4902-abea-65d9f924458b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-06T02:10:15.988Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:15.988Z\"}", "type": "indicator" 
@@ -17468,7 +17124,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400629842Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:22.051Z\",\"description\":\"TS ID: 55290730781; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--12dac6fb-e53b-4742-9cc4-da362e880571\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-06T02:10:22.051Z\",\"name\":\"mal_url: http://u-knlt.com/Pablo/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://u-knlt.com/Pablo/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:22.051Z\"}", "type": "indicator" @@ -17520,7 +17175,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400630659Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:23.024Z\",\"description\":\"TS ID: 55290730808; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--d5c7a00c-4ab5-4501-b79c-4e96838e5602\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-06T02:10:23.024Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:23.024Z\"}", "type": "indicator" 
@@ -17565,7 +17219,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400631480Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:35.597Z\",\"description\":\"TS ID: 55290730780; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--524c1a55-264d-4f41-a854-1f0601921675\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-06T02:10:35.597Z\",\"name\":\"mal_url: http://f0378370.xsph.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0378370.xsph.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:35.597Z\"}", "type": "indicator" @@ -17617,7 +17270,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400632224Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:10:59.132Z\",\"description\":\"TS ID: 55290730787; iType: mal_url; State: active; Org: N-b Tv Sat Srl; Source: CyberCrime\",\"id\":\"indicator--d8d588e2-5ab4-4937-9051-ae93e79c0204\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-06T02:10:59.132Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:10:59.132Z\"}", "type": "indicator" 
@@ -17668,7 +17320,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400633092Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:08.205Z\",\"description\":\"TS ID: 55290730776; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--6b38040c-6578-43c4-8cec-a426d1079a96\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-06T02:11:08.205Z\",\"name\":\"mal_url: http://f0396918.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0396918.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:08.205Z\"}", "type": "indicator" @@ -17719,7 +17370,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400633887Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:15.653Z\",\"description\":\"TS ID: 55290730807; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--22ba0c46-ef00-43cc-a2e1-ff75417cf11d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-06T02:11:15.653Z\",\"name\":\"mal_url: http://gpi-q.com/cup/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gpi-q.com/cup/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:15.653Z\"}", "type": "indicator" 
@@ -17771,7 +17421,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400634679Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:17.072Z\",\"description\":\"TS ID: 55290730801; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--257bcf28-e6ee-46e8-b9fe-d192fdc7c959\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-06T02:11:17.072Z\",\"name\":\"mal_url: http://l5056942.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l5056942.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:17.072Z\"}", "type": "indicator" @@ -17822,7 +17471,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400635495Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-06T02:11:17.098Z\",\"description\":\"TS ID: 55290730797; iType: mal_url; State: active; Org: LLC Eximius; Source: CyberCrime\",\"id\":\"indicator--788aa60d-57c8-4a4c-9666-d6869ccd6c49\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-06T02:11:17.098Z\",\"name\":\"mal_url: http://h146438.s21.test-hf.su/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://h146438.s21.test-hf.su/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:17.098Z\"}", "type": "indicator" 
@@ -17874,7 +17522,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400636342Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:11:27.123Z\",\"description\":\"TS ID: 55290730782; iType: mal_url; State: active; Org: Hotwire Fision; Source: CyberCrime\",\"id\":\"indicator--29909afa-ad21-493c-b420-870dbc8dd0da\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-06T02:11:27.123Z\",\"name\":\"mal_url: http://tranpip.com/vla/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tranpip.com/vla/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:27.123Z\"}",
 "type": "indicator"
@@ -17926,7 +17573,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400637157Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:11:37.189Z\",\"description\":\"TS ID: 55290730803; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--eb5264f6-1f6e-4d1e-a813-d668ef8e6e0e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-06T02:11:37.189Z\",\"name\":\"mal_url: http://l1430a3c.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://l1430a3c.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:11:37.189Z\"}",
 "type": "indicator"
@@ -17977,7 +17623,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400637945Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:12:51.488Z\",\"description\":\"TS ID: 55290730778; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--c5829f98-8034-4bab-b591-9d3fbda9f448\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-06T02:12:51.488Z\",\"name\":\"mal_url: http://f0391270.xsph.ru/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391270.xsph.ru/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:12:51.488Z\"}",
 "type": "indicator"
@@ -18029,7 +17674,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400638814Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:12:52.562Z\",\"description\":\"TS ID: 55290730800; iType: mal_url; State: active; Org: N-b Tv Sat Srl; Source: CyberCrime\",\"id\":\"indicator--14575771-256c-4f2f-b4bc-7b96c6805b24\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-06T02:12:52.562Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:12:52.562Z\"}",
 "type": "indicator"
@@ -18080,7 +17724,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400639597Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:13:24.038Z\",\"description\":\"TS ID: 55290730798; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--41ca379f-0e97-452f-bed7-0dcaa6509a87\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-06T02:13:24.038Z\",\"name\":\"mal_url: http://xmpzi.icu/blue/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xmpzi.icu/blue/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:13:24.038Z\"}",
 "type": "indicator"
@@ -18132,7 +17775,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400640389Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:13:26.405Z\",\"description\":\"TS ID: 55290730786; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime\",\"id\":\"indicator--5b354705-abe0-4b58-b088-aba7ddc92d6c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-35\"],\"modified\":\"2020-02-06T02:13:26.405Z\",\"name\":\"mal_url: http://155.94.210.79/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://155.94.210.79/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:13:26.405Z\"}",
 "type": "indicator"
@@ -18183,7 +17825,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400641177Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:14:04.592Z\",\"description\":\"TS ID: 55290730804; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--6f406e7c-e62d-4431-b7eb-d8bc42d48b54\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-06T02:14:04.592Z\",\"name\":\"mal_url: http://lf9a7e2b.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lf9a7e2b.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:04.592Z\"}",
 "type": "indicator"
@@ -18234,7 +17875,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400641977Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:14:13.434Z\",\"description\":\"TS ID: 55290730806; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--1a0f27f7-a8a7-4dd5-b5cc-a7146221fc31\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-06T02:14:13.434Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:13.434Z\"}",
 "type": "indicator"
@@ -18285,7 +17925,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400642768Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:14:13.474Z\",\"description\":\"TS ID: 55290730796; iType: mal_ip; State: active; Org: OVH SAS; Source: CyberCrime\",\"id\":\"indicator--72bcbdc1-6c42-4fe9-b6b2-2a8519672418\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-16\"],\"modified\":\"2020-02-06T02:14:13.474Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:13.474Z\"}",
 "type": "indicator"
@@ -18330,7 +17969,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400643574Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:14:13.506Z\",\"description\":\"TS ID: 55290730793; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--a2c76402-f9d0-4ea1-9ed0-b035bce4c7a6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-06T02:14:13.506Z\",\"name\":\"mal_url: http://tikkies.eu/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tikkies.eu/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:13.506Z\"}",
 "type": "indicator"
@@ -18381,7 +18019,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400644353Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:14:14.285Z\",\"description\":\"TS ID: 55290730805; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--2e110e0c-f7af-4738-bed2-057bebad6f44\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-06T02:14:14.285Z\",\"name\":\"mal_url: http://lb1a9935.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lb1a9935.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:14.285Z\"}",
 "type": "indicator"
@@ -18432,7 +18069,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400645189Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-06T02:14:30.841Z\",\"description\":\"TS ID: 55290730788; iType: mal_url; State: active; Org: Cyber Wurx LLC; Source: CyberCrime\",\"id\":\"indicator--20a1654d-6008-4d85-a2f0-cc9eaadabe43\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-23\"],\"modified\":\"2020-02-06T02:14:30.841Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-06T02:14:30.841Z\"}",
 "type": "indicator"
@@ -18483,7 +18119,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400645974Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-07T01:58:49.531Z\",\"description\":\"TS ID: 55295317584; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--e9848e5a-4cbf-4156-827d-b0e0e73d9f2e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-07T01:58:49.531Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.golob/ds.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.golob/ds.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T01:58:49.531Z\"}",
 "type": "indicator"
@@ -18535,7 +18170,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400646745Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-07T01:58:49.782Z\",\"description\":\"TS ID: 55295317585; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--44a6ba7f-2847-45c5-b4f3-452582094240\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-07T01:58:49.782Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.jonovis/xr.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.jonovis/xr.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T01:58:49.782Z\"}",
 "type": "indicator"
@@ -18587,7 +18221,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400647632Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-07T01:59:00.621Z\",\"description\":\"TS ID: 55295317581; iType: mal_url; State: active; Org: MVPS LTD; Source: CyberCrime\",\"id\":\"indicator--dad51188-cf4b-4585-8fe2-bfeb4ab3a864\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-07T01:59:00.621Z\",\"name\":\"mal_url: http://89.160.20.156/xcool!/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://189.160.20.156/xcool!/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T01:59:00.621Z\"}",
 "type": "indicator"
@@ -18639,7 +18272,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400648622Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-07T02:01:59.646Z\",\"description\":\"TS ID: 55295317582; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--a8895396-ac11-49f3-bb81-6e854b871870\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-07T02:01:59.646Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.fotoci/ji.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.fotoci/ji.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T02:01:59.646Z\"}",
 "type": "indicator"
@@ -18691,7 +18323,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400649463Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-07T02:02:24.529Z\",\"description\":\"TS ID: 55295317583; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime\",\"id\":\"indicator--2d0ab756-16e3-4679-86d9-b5ef1bc14a32\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-07T02:02:24.529Z\",\"name\":\"mal_url: http://89.160.20.156/~giftioz/.hokbi/cv.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/~giftioz/.hokbi/cv.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-07T02:02:24.529Z\"}",
 "type": "indicator"
@@ -18743,7 +18374,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400650258Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:11.92Z\",\"description\":\"TS ID: 55298072069; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime\",\"id\":\"indicator--0e0304f5-9735-4c6d-a860-95633369db34\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-22\"],\"modified\":\"2020-02-08T14:02:11.92Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:11.92Z\"}",
 "type": "indicator"
@@ -18788,7 +18418,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400651038Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:14.399Z\",\"description\":\"TS ID: 55298070452; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--7af00858-9e0a-437b-af35-a4ef0b6527a5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-02-08T14:02:14.399Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:14.399Z\"}",
 "type": "indicator"
@@ -18833,7 +18462,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400651868Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:17.271Z\",\"description\":\"TS ID: 55298068887; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime\",\"id\":\"indicator--257cd2f9-ce06-4091-83e2-63d61b7e8bfa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-08T14:02:17.271Z\",\"name\":\"mal_url: http://smineolo39wings.in/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://smineolo39wings.in/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:17.271Z\"}",
 "type": "indicator"
@@ -18884,7 +18512,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400652713Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:23Z\",\"description\":\"TS ID: 55298071788; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--8438ae84-2b7d-4fea-b1cd-fbec85ea3e58\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-08T14:02:23Z\",\"name\":\"mal_url: http://go.trust-oot.info/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://go.trust-oot.info/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:23Z\"}",
 "type": "indicator"
@@ -18935,7 +18562,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400653498Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:23.507Z\",\"description\":\"TS ID: 55298070914; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime\",\"id\":\"indicator--7f6369a7-af79-45ca-96e4-3e5c309337de\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-24\"],\"modified\":\"2020-02-08T14:02:23.507Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:23.507Z\"}",
 "type": "indicator"
@@ -18986,7 +18612,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400654278Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:23.547Z\",\"description\":\"TS ID: 55298068879; iType: mal_ip; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--e1a9f3d2-0a84-4814-bac9-c9e60ad73cca\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-02-08T14:02:23.547Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:23.547Z\"}",
 "type": "indicator"
@@ -19031,7 +18656,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400655192Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:33.679Z\",\"description\":\"TS ID: 55298069345; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--1aa4e592-6c78-43e8-b47c-2494a948d25c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-02-08T14:02:33.679Z\",\"name\":\"mal_url: http://f0391897.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391897.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:33.679Z\"}",
 "type": "indicator"
@@ -19082,7 +18706,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400655975Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:53.996Z\",\"description\":\"TS ID: 55298070323; iType: mal_ip; State: active; Org: Offshore Racks S.A; Source: CyberCrime\",\"id\":\"indicator--0140ac57-a9a4-408a-9f53-f5b33f85dc80\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-21\"],\"modified\":\"2020-02-08T14:02:53.996Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:53.996Z\"}",
 "type": "indicator"
@@ -19127,7 +18750,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400656778Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:57.507Z\",\"description\":\"TS ID: 55298070037; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--46c21251-c655-40c1-896d-2f4712091b7b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-08T14:02:57.507Z\",\"name\":\"mal_url: http://nikitakoteqka1.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nikitakoteqka1.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:57.507Z\"}",
 "type": "indicator"
@@ -19178,7 +18800,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400657568Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:59.236Z\",\"description\":\"TS ID: 55298072047; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--7921e9e8-393c-4b0d-888f-bea034112f06\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-08T14:02:59.236Z\",\"name\":\"mal_url: http://xgkxc.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xgkxc.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:59.236Z\"}",
 "type": "indicator"
@@ -19230,7 +18851,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400658754Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:59.246Z\",\"description\":\"TS ID: 55298071436; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--a59774c5-c288-44a0-9eab-28d93c5d0ab4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-08T14:02:59.246Z\",\"name\":\"mal_url: http://100stuff.site/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://100stuff.site/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:59.246Z\"}",
 "type": "indicator"
@@ -19281,7 +18901,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400659496Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:59.31Z\",\"description\":\"TS ID: 55298071076; iType: mal_ip; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime\",\"id\":\"indicator--d74f403a-0673-4594-a4fc-61a22ab7fa21\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-30\"],\"modified\":\"2020-02-08T14:02:59.31Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:59.31Z\"}",
 "type": "indicator"
@@ -19326,7 +18945,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400660295Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:02:59.432Z\",\"description\":\"TS ID: 55298069175; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--3cac5b3d-ffa6-4f5c-b190-7de9eb2e5a00\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-08T14:02:59.432Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:02:59.432Z\"}",
 "type": "indicator"
@@ -19371,7 +18989,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400661149Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:17.953Z\",\"description\":\"TS ID: 55298072311; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--86c43dc8-a27e-4f30-a29e-ba174f0a03ef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-08T14:03:17.953Z\",\"name\":\"mal_url: http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:17.953Z\"}",
 "type": "indicator"
@@ -19423,7 +19040,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400662068Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:21.626Z\",\"description\":\"TS ID: 55298071960; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--d900b770-4f2f-4597-ba97-a3e62646eca8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-08T14:03:21.626Z\",\"name\":\"mal_url: http://xgkxc.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xgkxc.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:21.626Z\"}",
 "type": "indicator"
@@ -19475,7 +19091,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400662795Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:23.941Z\",\"description\":\"TS ID: 55298070427; iType: mal_url; State: active; Org: SBCLOUD; Source: CyberCrime\",\"id\":\"indicator--be5fb697-b554-4042-8185-f4148a5d02a2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-08T14:03:23.941Z\",\"name\":\"mal_url: http://boomcoins.ml/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://boomcoins.ml/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:23.941Z\"}",
 "type": "indicator"
@@ -19526,7 +19141,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400663582Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:34.136Z\",\"description\":\"TS ID: 55298071042; iType: mal_url; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime\",\"id\":\"indicator--31a6a6c3-f385-421f-9ebb-d5cdced1dfd5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-30\"],\"modified\":\"2020-02-08T14:03:34.136Z\",\"name\":\"mal_url: http://asstubevideos.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://asstubevideos.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:34.136Z\"}",
 "type": "indicator"
@@ -19577,7 +19191,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400664449Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:34.507Z\",\"description\":\"TS ID: 55298069289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--8c9846cd-2a0b-40c3-91f2-5893c05b1560\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-08T14:03:34.507Z\",\"name\":\"mal_url: http://f0397413.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0397413.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:34.507Z\"}",
 "type": "indicator"
@@ -19628,7 +19241,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400665244Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:42.075Z\",\"description\":\"TS ID: 55298071476; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--4e5ac673-3459-45d1-817e-d7aca2850c5e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-08T14:03:42.075Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:42.075Z\"}",
 "type": "indicator"
@@ -19673,7 +19285,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400666307Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:42.298Z\",\"description\":\"TS ID: 55298069324; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--8d463a9a-c285-4af6-91e8-bfd7e65d820f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-08T14:03:42.298Z\",\"name\":\"mal_url: http://f0396512.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0396512.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:42.298Z\"}",
 "type": "indicator"
@@ -19724,7 +19335,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400667138Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:46.901Z\",\"description\":\"TS ID: 55298070290; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--bf76b431-6b24-4b63-89d6-4f026a2e5169\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-63\"],\"modified\":\"2020-02-08T14:03:46.901Z\",\"name\":\"mal_url: http://j1043204.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j1043204.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:46.901Z\"}",
 "type": "indicator"
@@ -19775,7 +19385,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400667988Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:47.108Z\",\"description\":\"TS ID: 55298069358; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--646c9b00-80f7-4457-b2bc-1da854c211d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-08T14:03:47.108Z\",\"name\":\"mal_url: http://f0387320.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0387320.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:47.108Z\"}",
 "type": "indicator"
@@ -19826,7 +19435,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400668786Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:50.674Z\",\"description\":\"TS ID: 55298072749; iType: mal_url; State: active; Org: SpaceWeb CJSC; Source: CyberCrime\",\"id\":\"indicator--48ad83a8-cec1-4d85-a9fd-1b7f9308cb6a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-08T14:03:50.674Z\",\"name\":\"mal_url: http://rqx10504bc.temp.swtest.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rqx10504bc.temp.swtest.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:50.674Z\"}",
 "type": "indicator"
@@ -19878,7 +19486,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400669593Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:53.621Z\",\"description\":\"TS ID: 55298069555; iType: mal_url; State: active; Org: OOO Network of data-centers Selectel; Source: CyberCrime\",\"id\":\"indicator--8e98212b-20f2-404f-804b-8ab7519c5683\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-08T14:03:53.621Z\",\"name\":\"mal_url: http://j6g3fzp.5k5.ru/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j6g3fzp.5k5.ru/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:53.621Z\"}",
 "type": "indicator"
@@ -19930,7 +19537,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400670448Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-08T14:03:58.176Z\",\"description\":\"TS ID: 55298069681; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--395e83ba-96c1-45d2-b4b2-c065af5547fe\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-08T14:03:58.176Z\",\"name\":\"mal_url: http://stableupdater.ru.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://stableupdater.ru.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:58.176Z\"}",
 "type": "indicator"
@@ -19981,7 +19587,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400671260Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:03:58.41Z\",\"description\":\"TS ID: 55298072652; iType: mal_url; State: active; Org: Netrouting; Source: CyberCrime\",\"id\":\"indicator--84dceb2a-fb38-4d98-9005-7f05460e8f3a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-48\"],\"modified\":\"2020-02-08T14:03:58.41Z\",\"name\":\"mal_url: http://209.182.217.85/auth.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://209.182.217.85/auth.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:03:58.41Z\"}", "type": "indicator" @@ -20033,7 +19638,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400672084Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.627Z\",\"description\":\"TS ID: 55298073012; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--ca97a773-4de3-4c9d-8f4c-b7350a615c45\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-08T14:04:30.627Z\",\"name\":\"mal_url: http://fentq.org/x/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fentq.org/x/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.627Z\"}", "type": "indicator" 
@@ -20085,7 +19689,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400672858Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.659Z\",\"description\":\"TS ID: 55298072708; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--d0653208-3d17-48c8-a47d-a6dede383ad8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-08T14:04:30.659Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/beta/aps/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/beta/aps/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.659Z\"}", "type": "indicator" @@ -20137,7 +19740,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400673832Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.733Z\",\"description\":\"TS ID: 55298072377; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--7873494f-24fb-42a6-ae17-299b9825e220\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-22\"],\"modified\":\"2020-02-08T14:04:30.733Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.733Z\"}", "type": "indicator" 
@@ -20182,7 +19784,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400674576Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.81Z\",\"description\":\"TS ID: 55298072245; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--14e760f3-eb76-412c-ab7b-8267bd65deb5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-08T14:04:30.81Z\",\"name\":\"mal_url: http://hanmha.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://hanmha.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.81Z\"}", "type": "indicator" @@ -20234,7 +19835,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400675311Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.84Z\",\"description\":\"TS ID: 55298072104; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--8a5aa5ab-e8ec-4641-9cfb-179df3bede39\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-08T14:04:30.84Z\",\"name\":\"mal_url: http://trouserlanditd.com/dabs/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trouserlanditd.com/dabs/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.84Z\"}", "type": "indicator" 
@@ -20286,7 +19886,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400676145Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:30.927Z\",\"description\":\"TS ID: 55298071479; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--5bbb8e55-9eb7-4b8a-a7aa-d79c53a0e596\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-08T14:04:30.927Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:30.927Z\"}", "type": "indicator" @@ -20337,7 +19936,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400676982Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:35.541Z\",\"description\":\"TS ID: 55298071733; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--cd3bea2d-dd64-463e-ae03-2a582c2261f2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-02-08T14:04:35.541Z\",\"name\":\"mal_url: http://trust-oot.info/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://trust-oot.info/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:35.541Z\"}", "type": "indicator" 
@@ -20388,7 +19986,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400677808Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:35.641Z\",\"description\":\"TS ID: 55298069948; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--543aeaab-e5f0-42bc-afa5-6cd3cc9a26ec\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-08T14:04:35.641Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:35.641Z\"}", "type": "indicator" @@ -20433,7 +20030,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400678603Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:37.657Z\",\"description\":\"TS ID: 55298071095; iType: mal_url; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime\",\"id\":\"indicator--d2987902-59e6-4667-b011-f20e93e283d9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-30\"],\"modified\":\"2020-02-08T14:04:37.657Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:37.657Z\"}", "type": "indicator" 
@@ -20484,7 +20080,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400679442Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:41.785Z\",\"description\":\"TS ID: 55298072117; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--093718d8-bb0e-4816-ab4b-c97cb95d5531\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-02-08T14:04:41.785Z\",\"name\":\"mal_url: http://serviciotecnicoenperu.com/contactar/zz/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://serviciotecnicoenperu.com/contactar/zz/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:41.785Z\"}", "type": "indicator" @@ -20536,7 +20131,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400680191Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:43.759Z\",\"description\":\"TS ID: 55298071859; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--dfdca2f0-75cc-4e33-9045-e2ba136c0183\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-08T14:04:43.759Z\",\"name\":\"mal_url: http://xgkxc.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://xgkxc.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:43.759Z\"}", "type": "indicator" 
@@ -20588,7 +20182,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400680967Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-08T14:04:43.783Z\",\"description\":\"TS ID: 55298070283; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--0e501865-d0a0-493b-8302-02efe0f2c5d1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-08T14:04:43.783Z\",\"name\":\"mal_url: http://kmfjlool.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://kmfjlool.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-08T14:04:43.783Z\"}", "type": "indicator" @@ -20639,7 +20232,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400681752Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-09T05:09:33.689Z\",\"description\":\"TS ID: 55300025372; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--91f46249-8fa5-4e88-bb38-0448b08b5448\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-09T05:09:33.689Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-09T05:09:33.689Z\"}", "type": "indicator" 
@@ -20684,7 +20276,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400682645Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:01:30.459Z\",\"description\":\"TS ID: 55303483956; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--07925c70-b345-4aa6-8f40-e19602cf0429\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-10T02:01:30.459Z\",\"name\":\"mal_url: http://pentestblog.xyz/panel/login/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pentestblog.xyz/panel/login/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:01:30.459Z\"}", "type": "indicator" @@ -20735,7 +20326,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400683459Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:01:36.571Z\",\"description\":\"TS ID: 55303483889; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--00195f28-4745-41a3-9710-7e2266b1270e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-02-10T02:01:36.571Z\",\"name\":\"mal_url: http://f0386817.xsph.ru/32cd6120/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0386817.xsph.ru/32cd6120/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:01:36.571Z\"}", "type": "indicator" 
@@ -20787,7 +20377,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400684318Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:01:36.621Z\",\"description\":\"TS ID: 55303483880; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--eae0ef0b-3b77-401b-8835-4ad9cb97171d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-10T02:01:36.621Z\",\"name\":\"mal_url: http://f0395086.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0395086.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:01:36.621Z\"}", "type": "indicator" @@ -20838,7 +20427,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400685143Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:06.427Z\",\"description\":\"TS ID: 55303483638; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--05d25a1d-cf55-4b36-93ee-dbf618980b2f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-44\"],\"modified\":\"2020-02-10T02:02:06.427Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:06.427Z\"}", "type": "indicator" 
@@ -20890,7 +20478,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400685975Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:14.887Z\",\"description\":\"TS ID: 55303483942; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--9af2b6ee-aec5-481a-8e93-2a7153fcf05e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-10T02:02:14.887Z\",\"name\":\"mal_url: http://worldatdoor.in/wire/32/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/wire/32/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:14.887Z\"}", "type": "indicator" @@ -20942,7 +20529,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400686762Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:16.263Z\",\"description\":\"TS ID: 55303483899; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--1641ace0-37a5-4364-8400-e422b5cdbcec\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-02-10T02:02:16.263Z\",\"name\":\"mal_url: http://wwe23pro.myjino.ru/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://wwe23pro.myjino.ru/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:16.263Z\"}", "type": "indicator" 
@@ -20994,7 +20580,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400687500Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:35.848Z\",\"description\":\"TS ID: 55303483868; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--3e09e501-0b80-4de6-b5a9-1d30b5687a24\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-44\"],\"modified\":\"2020-02-10T02:02:35.848Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:35.848Z\"}", "type": "indicator" @@ -21039,7 +20624,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400688300Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:45.419Z\",\"description\":\"TS ID: 55303483940; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--85ab9568-e7f5-40c6-935d-8bdbe263970c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-02-10T02:02:45.419Z\",\"name\":\"mal_url: http://garex.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://garex.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:45.419Z\"}", "type": "indicator" 
@@ -21090,7 +20674,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400689100Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:47.096Z\",\"description\":\"TS ID: 55303483952; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--05509090-9cd9-43b0-892c-02318134a893\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-58\"],\"modified\":\"2020-02-10T02:02:47.096Z\",\"name\":\"mal_url: http://jerichoconstructioncompany.com/wps/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jerichoconstructioncompany.com/wps/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:47.096Z\"}", "type": "indicator" @@ -21142,7 +20725,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400689853Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:02:55.786Z\",\"description\":\"TS ID: 55303483873; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--c884bffa-1248-483b-bdf8-dada05340ea4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-10T02:02:55.786Z\",\"name\":\"mal_url: http://f0396079.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0396079.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:02:55.786Z\"}", "type": "indicator" 
@@ -21193,7 +20775,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400690697Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:03:03.62Z\",\"description\":\"TS ID: 55303483931; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--14bb6b9e-e4f9-4059-a1a0-f06481441883\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-10T02:03:03.62Z\",\"name\":\"mal_url: http://impulsefittness.info/webpanel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://impulsefittness.info/webpanel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:03:03.62Z\"}", "type": "indicator" @@ -21245,7 +20826,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400691486Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:03:53.711Z\",\"description\":\"TS ID: 55303483865; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--92bdd0d7-0d15-4bcb-bf37-6aec2b0114b8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-10T02:03:53.711Z\",\"name\":\"mal_url: http://pentestblog.xyz/csc/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pentestblog.xyz/csc/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:03:53.711Z\"}", "type": "indicator" 
@@ -21297,7 +20877,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400692305Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:03:57.56Z\",\"description\":\"TS ID: 55303483938; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--eb0c4603-82ac-4283-bda3-ce9d276bc002\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-10T02:03:57.56Z\",\"name\":\"mal_url: http://pom4ekk.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pom4ekk.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:03:57.56Z\"}", "type": "indicator" @@ -21348,7 +20927,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400693116Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:04:24.419Z\",\"description\":\"TS ID: 55303483870; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--14393248-efcc-4446-9c71-c24b8ea653ab\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-10T02:04:24.419Z\",\"name\":\"mal_url: http://f0396384.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0396384.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:04:24.419Z\"}", "type": "indicator" 
@@ -21399,7 +20977,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400693958Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-10T02:04:39.273Z\",\"description\":\"TS ID: 55303483883; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--5139b761-30aa-48b8-a7f6-4d125117fd4d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-10T02:04:39.273Z\",\"name\":\"mal_url: http://f0391247.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391247.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-10T02:04:39.273Z\"}", "type": "indicator" @@ -21450,7 +21027,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400694741Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:05:59.738Z\",\"description\":\"TS ID: 55306531291; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--8aed750b-7bc5-41be-956d-5c27ba956957\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-11T02:05:59.738Z\",\"name\":\"mal_url: http://borrdrillling.com/benz-forlife/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://borrdrillling.com/benz-forlife/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:05:59.738Z\"}", "type": "indicator" 
@@ -21502,7 +21078,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400695731Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:06:33.437Z\",\"description\":\"TS ID: 55306531295; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--939b7b32-9004-40e0-8c48-77b9452a0902\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-11T02:06:33.437Z\",\"name\":\"mal_url: http://borrdrillling.com/fox/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://borrdrillling.com/fox/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:06:33.437Z\"}", "type": "indicator" @@ -21553,7 +21128,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400696693Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:06:48.532Z\",\"description\":\"TS ID: 55306531290; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--f2f9ebc5-814d-4ff2-9979-76264e15d743\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-11T02:06:48.532Z\",\"name\":\"mal_url: http://borrdrillling.com/benz/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://borrdrillling.com/benz/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:06:48.532Z\"}", "type": "indicator" 
@@ -21605,7 +21179,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400697486Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:07:49.317Z\",\"description\":\"TS ID: 55306531320; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--782c926c-e92f-451e-8aaf-dbe446b8abe4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-02-11T02:07:49.317Z\",\"name\":\"mal_url: http://klickus.com/okye/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://klickus.com/okye/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:07:49.317Z\"}", "type": "indicator" @@ -21657,7 +21230,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400698274Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-11T02:07:49.341Z\",\"description\":\"TS ID: 55306531298; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--336d437c-cb0b-473c-b157-3edad63d3a65\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-02-11T02:07:49.341Z\",\"name\":\"mal_url: http://klickus.com/gozie/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://klickus.com/gozie/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-11T02:07:49.341Z\"}", "type": "indicator" 
@@ -21709,7 +21281,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400699120Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-12T02:02:34.926Z\",\"description\":\"TS ID: 55309106417; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--1fff5727-69fd-4477-a610-3542e53642ae\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-12T02:02:34.926Z\",\"name\":\"mal_url: http://alwaysdelivery.xyz/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://alwaysdelivery.xyz/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-12T02:02:34.926Z\"}", "type": "indicator" @@ -21761,7 +21332,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400699971Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-12T02:03:19.477Z\",\"description\":\"TS ID: 55309106235; iType: mal_url; State: active; Org: VoenTelecom nets; Source: CyberCrime\",\"id\":\"indicator--8c3385b7-6ee5-4699-87c8-7a7b1da9b6aa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-49\"],\"modified\":\"2020-02-12T02:03:19.477Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-12T02:03:19.477Z\"}", "type": "indicator" 
@@ -21813,7 +21383,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400700707Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:02:41.467Z\",\"description\":\"TS ID: 55311776075; iType: mal_ip; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--91ef9dde-3f0a-472c-b8ec-a1b9951acb50\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-13T02:02:41.467Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:02:41.467Z\"}", "type": "indicator" @@ -21858,7 +21427,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400701446Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:02:52.653Z\",\"description\":\"TS ID: 55311776233; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--948a3e06-3481-4873-94e7-8ab068284aba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-13T02:02:52.653Z\",\"name\":\"mal_url: http://felicombo.club/Zebra/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://felicombo.club/Zebra/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:02:52.653Z\"}", "type": "indicator" 
@@ -21910,7 +21478,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400702314Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:03:16.624Z\",\"description\":\"TS ID: 55311776246; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--3b3faeec-4f78-41f2-acd8-13090336f058\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-13T02:03:16.624Z\",\"name\":\"mal_url: http://pdocxoffice.com/Panel/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pdocxoffice.com/Panel/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:03:16.624Z\"}", "type": "indicator" @@ -21962,7 +21529,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400703376Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:03:36.577Z\",\"description\":\"TS ID: 55311776248; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--ae6ff4c4-73c1-473a-90cb-99f135240243\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-13T02:03:36.577Z\",\"name\":\"mal_url: http://megaeditores.com/fgv/PHP/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://megaeditores.com/fgv/PHP/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:03:36.577Z\"}", "type": "indicator" 
@@ -22014,7 +21580,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400704147Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-13T02:03:38.86Z\",\"description\":\"TS ID: 55311776237; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--104abde1-c4e9-45a2-85e1-525ea3bec752\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-23\"],\"modified\":\"2020-02-13T02:03:38.86Z\",\"name\":\"mal_url: http://89.160.20.156/prUjRYcU2rqFpZqv/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/prUjRYcU2rqFpZqv/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-13T02:03:38.86Z\"}", "type": "indicator" @@ -22066,7 +21631,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400704947Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:06:53.787Z\",\"description\":\"TS ID: 55316616622; iType: mal_url; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--57d0bd25-4211-4e2e-8a4e-31e38eeda90b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T04:06:53.787Z\",\"name\":\"mal_url: http://hotlips.top/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://hotlips.top/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:06:53.787Z\"}", "type": "indicator" 
@@ -22117,7 +21681,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400705787Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:08:45.548Z\",\"description\":\"TS ID: 55316617564; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--d11be9c2-b408-42a4-a4ad-0ede3c1709f0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-20T04:08:45.548Z\",\"name\":\"mal_url: http://aflamdirectory.com/wp-content/ip/login/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aflamdirectory.com/wp-content/ip/login/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:08:45.548Z\"}", "type": "indicator" @@ -22168,7 +21731,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400706583Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:08:45.601Z\",\"description\":\"TS ID: 55316617187; iType: mal_url; State: active; Org: Telenet Ltd.; Source: CyberCrime\",\"id\":\"indicator--ed5ed1a3-8090-4db3-92cb-3b7b733fa28e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T04:08:45.601Z\",\"name\":\"mal_url: http://ayoobtextlie.com/craks/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/craks/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:08:45.601Z\"}", "type": "indicator" 
@@ -22220,7 +21782,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400707366Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:09:16.891Z\",\"description\":\"TS ID: 55316616322; iType: mal_ip; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime\",\"id\":\"indicator--6c201663-b1e4-483e-821b-0fe74aecc497\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-20T04:09:16.891Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:09:16.891Z\"}", "type": "indicator" @@ -22265,7 +21826,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400708170Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:11:00.455Z\",\"description\":\"TS ID: 55316616996; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--8203935f-fb3f-418c-945d-40fca5ef088d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T04:11:00.455Z\",\"name\":\"mal_url: http://mecharnise.ir/ca10/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mecharnise.ir/ca10/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:11:00.455Z\"}", "type": "indicator" 
@@ -22317,7 +21877,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400709007Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:28:36.154Z\",\"description\":\"TS ID: 55321824436; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--238f73e8-938d-4d08-9705-b1b669c129b2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-02-20T04:28:36.154Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:28:36.154Z\"}", "type": "indicator" @@ -22368,7 +21927,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400709794Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:28:36.172Z\",\"description\":\"TS ID: 55321824399; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--6ff21635-ac08-4afe-b5e7-c18dfe320f0f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T04:28:36.172Z\",\"name\":\"mal_url: http://23.247.102.18/4/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://23.247.102.18/4/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:28:36.172Z\"}", "type": "indicator" 
@@ -22420,7 +21978,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400710935Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:28:36.19Z\",\"description\":\"TS ID: 55321824397; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--9f55ff73-b6b6-476d-bb32-b9a7f8b16e93\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T04:28:36.19Z\",\"name\":\"mal_url: http://23.247.102.18/6/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://23.247.102.18/6/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:28:36.19Z\"}", "type": "indicator" @@ -22472,7 +22029,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400711785Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:30:25.248Z\",\"description\":\"TS ID: 55321824409; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--4abbf2ea-6e46-48e8-b74d-1928c92e6277\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-20T04:30:25.248Z\",\"name\":\"mal_url: http://f0400035.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0400035.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:30:25.248Z\"}", "type": "indicator" 
@@ -22523,7 +22079,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400712783Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:31:26.488Z\",\"description\":\"TS ID: 55321824418; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--8678d0a4-2b3c-4cea-a745-796f996e18bc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-20T04:31:26.488Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:31:26.488Z\"}", "type": "indicator" @@ -22568,7 +22123,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400713565Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:31:26.532Z\",\"description\":\"TS ID: 55321824403; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--bfd713ad-3d94-441a-b6bc-135ce911b580\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T04:31:26.532Z\",\"name\":\"mal_url: http://23.247.102.18/panel/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://23.247.102.18/panel/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:31:26.532Z\"}", "type": "indicator" 
@@ -22620,7 +22174,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400714337Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:31:26.582Z\",\"description\":\"TS ID: 55321824401; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime\",\"id\":\"indicator--f43a4d56-b27f-41f0-917b-52358df31e13\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T04:31:26.582Z\",\"name\":\"mal_url: http://23.247.102.18/2/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://23.247.102.18/2/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:31:26.582Z\"}", "type": "indicator" @@ -22672,7 +22225,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400715322Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:32:16.603Z\",\"description\":\"TS ID: 55321824432; iType: mal_ip; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--36d62b8e-77db-4111-be17-d0a3e20bbd9d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-41\"],\"modified\":\"2020-02-20T04:32:16.603Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:32:16.603Z\"}", "type": "indicator" 
@@ -22717,7 +22269,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400716106Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:32:52.041Z\",\"description\":\"TS ID: 55321824444; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--b6863ec6-1752-43b3-b748-ee8a29b6a52e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T04:32:52.041Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:32:52.041Z\"}", "type": "indicator" @@ -22762,7 +22313,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400716899Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:32:52.057Z\",\"description\":\"TS ID: 55321824423; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--fb1aa473-4d9d-46a3-b053-ae7c051d0e14\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-20T04:32:52.057Z\",\"name\":\"mal_url: http://lae9ac50.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lae9ac50.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:32:52.057Z\"}", "type": "indicator" 
@@ -22813,7 +22363,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400717868Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:32:52.074Z\",\"description\":\"TS ID: 55321824417; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--f4447d70-3217-4319-9b89-4439db608f67\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-20T04:32:52.074Z\",\"name\":\"mal_url: http://ld01c555.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ld01c555.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:32:52.074Z\"}", "type": "indicator" @@ -22864,7 +22413,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400719028Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:49:13.452Z\",\"description\":\"TS ID: 55324942456; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime\",\"id\":\"indicator--93e03851-428e-4e25-9fa6-17383426a6d7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-20T04:49:13.452Z\",\"name\":\"mal_url: http://borrdrillling.com/psm91/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://borrdrillling.com/psm91/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:49:13.452Z\"}", "type": "indicator" 
@@ -22916,7 +22464,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400719808Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:49:22.233Z\",\"description\":\"TS ID: 55324942451; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--ddce3ac3-2e92-4c94-9537-acefcbfecfc0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-20T04:49:22.233Z\",\"name\":\"mal_url: http://wtfshop.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://wtfshop.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:49:22.233Z\"}", "type": "indicator" @@ -22967,7 +22514,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400720589Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:50:21.678Z\",\"description\":\"TS ID: 55324942453; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--d4e1621e-ff57-4881-bf03-67f89c1db651\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-20T04:50:21.678Z\",\"name\":\"mal_url: http://minecrafttusa1.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://minecrafttusa1.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:50:21.678Z\"}", "type": "indicator" 
@@ -23018,7 +22564,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400721427Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:50:21.708Z\",\"description\":\"TS ID: 55324942431; iType: mal_ip; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--99db47e4-6284-47db-a3bb-70dfcac899c2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-20\"],\"modified\":\"2020-02-20T04:50:21.708Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:50:21.708Z\"}", "type": "indicator" @@ -23063,7 +22608,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400722266Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:50:33.473Z\",\"description\":\"TS ID: 55324942449; iType: mal_ip; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--75f014d9-2c40-4fa1-a05e-43521af4a944\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-36\"],\"modified\":\"2020-02-20T04:50:33.473Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:50:33.473Z\"}", "type": "indicator" 
@@ -23108,7 +22652,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400722994Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T04:51:08.292Z\",\"description\":\"TS ID: 55324942438; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--e5ae9133-c459-4130-b2cc-6bfc3d1bba08\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-20T04:51:08.292Z\",\"name\":\"mal_url: http://amazon-fr.fun/admin/\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://amazon-fr.fun/admin/']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T04:51:08.292Z\"}", "type": "indicator" @@ -23159,7 +22702,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400723828Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:07.933Z\",\"description\":\"TS ID: 55328307473; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--19914258-5bed-4f35-8f57-f639b0d9c1a0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-20T05:16:07.933Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:07.933Z\"}", "type": "indicator" 
@@ -23210,7 +22752,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400724722Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:27.52Z\",\"description\":\"TS ID: 55330801573; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--a1d0cc69-641e-4588-92f4-0ad9713860e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-20T05:16:27.52Z\",\"name\":\"mal_url: http://f0400017.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0400017.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:27.52Z\"}", "type": "indicator" @@ -23261,7 +22802,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400725521Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:27.557Z\",\"description\":\"TS ID: 55330801572; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--52371067-94be-4a79-b45d-8de115e81e86\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-62\"],\"modified\":\"2020-02-20T05:16:27.557Z\",\"name\":\"mal_url: http://f0391202.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0391202.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:27.557Z\"}", "type": "indicator" 
@@ -23312,7 +22852,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400726301Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:37.354Z\",\"description\":\"TS ID: 55328307469; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime\",\"id\":\"indicator--0e0682f9-a160-46c2-ba7f-ba9dc2858f7e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:16:37.354Z\",\"name\":\"mal_url: http://ld7fa9c9.justinstalledpanel.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ld7fa9c9.justinstalledpanel.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:37.354Z\"}", "type": "indicator" @@ -23363,7 +22902,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400727165Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:41.613Z\",\"description\":\"TS ID: 55330801557; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--c7e63dd5-c41f-4fd4-bbaa-8b54a1a1a227\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-02-20T05:16:41.613Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:41.613Z\"}", "type": "indicator" 
@@ -23408,7 +22946,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400727940Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:57.739Z\",\"description\":\"TS ID: 55328307494; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--9f847df6-9c88-4a03-b852-394fd8a77f58\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-20T05:16:57.739Z\",\"name\":\"mal_url: http://referral-casino.club/1/stats/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://referral-casino.club/1/stats/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:57.739Z\"}", "type": "indicator" @@ -23460,7 +22997,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400728783Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:57.764Z\",\"description\":\"TS ID: 55328307481; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--479ea508-2ae1-4aea-825b-e83914fb8d53\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:16:57.764Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work5/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work5/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:57.764Z\"}", "type": "indicator" 
@@ -23512,7 +23048,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400729554Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:16:57.791Z\",\"description\":\"TS ID: 55328307476; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--051488db-6441-4ca9-9e5f-c8656e3b1d9f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-02-20T05:16:57.791Z\",\"name\":\"mal_url: http://mediagift.vn/.ki/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mediagift.vn/.ki/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:16:57.791Z\"}", "type": "indicator" @@ -23564,7 +23099,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400730504Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:17:10.129Z\",\"description\":\"TS ID: 55328307464; iType: mal_ip; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--d5a928aa-3237-4c44-93e8-f73eb20dc728\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-20T05:17:10.129Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:17:10.129Z\"}", "type": "indicator" 
@@ -23609,7 +23143,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400731295Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:20.205Z\",\"description\":\"TS ID: 55330801629; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--db19cb4e-25ad-46d3-a944-6e53f62d230c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-20T05:18:20.205Z\",\"name\":\"mal_url: http://liweff.eu/vla/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://liweff.eu/vla/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:20.205Z\"}", "type": "indicator" @@ -23661,7 +23194,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400732039Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:20.412Z\",\"description\":\"TS ID: 55328307485; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--438a519a-17ed-422b-a21d-0262b4b2fc0e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:18:20.412Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work2/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work2/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:20.412Z\"}", "type": "indicator" 
@@ -23713,7 +23245,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400732882Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:22.703Z\",\"description\":\"TS ID: 55330801601; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--7279d49d-39e4-42d1-8fb7-14ddb56d67d7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:18:22.703Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/lmark/pop/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/lmark/pop/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:22.703Z\"}", "type": "indicator" @@ -23765,7 +23296,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400733744Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:31.965Z\",\"description\":\"TS ID: 55328307489; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--70ae46d6-4f8c-4601-ac48-84848ca04719\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:18:31.965Z\",\"name\":\"mal_url: http://158.69.39.138/file/panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://158.69.39.138/file/panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:31.965Z\"}", "type": "indicator" 
@@ -23817,7 +23347,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400734521Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:31.986Z\",\"description\":\"TS ID: 55328307482; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--11637bfb-fd5b-482b-83b0-ab8a49aa80e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:18:31.986Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work6/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work6/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:31.986Z\"}", "type": "indicator" @@ -23869,7 +23398,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400735353Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:33.111Z\",\"description\":\"TS ID: 55330801593; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--b2cc241b-8f9a-494d-b842-74bc151bec7a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-20T05:18:33.111Z\",\"name\":\"mal_url: http://febspxiii.xyz/DBY/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxiii.xyz/DBY/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:33.111Z\"}", "type": "indicator" 
@@ -23921,7 +23449,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400736389Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:47.389Z\",\"description\":\"TS ID: 55330801620; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--ac992a06-7013-4af2-b5c0-5c99f556d5b0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-20T05:18:47.389Z\",\"name\":\"mal_url: http://rds2020.space/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rds2020.space/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:47.389Z\"}", "type": "indicator" @@ -23972,7 +23499,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400737179Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:47.406Z\",\"description\":\"TS ID: 55330801615; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--d723c08e-997d-483e-91e0-2ba6048e3683\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-65\"],\"modified\":\"2020-02-20T05:18:47.406Z\",\"name\":\"mal_url: http://vysyyvyvm.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://vysyyvyvm.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:47.406Z\"}", "type": "indicator" 
@@ -24023,7 +23549,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400737974Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:47.424Z\",\"description\":\"TS ID: 55330801583; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--734a20dd-4f6e-4ca9-8eac-4cdd6b82a122\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T05:18:47.424Z\",\"name\":\"mal_url: http://makadicuosde.cf/makave/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://makadicuosde.cf/makave/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:47.424Z\"}", "type": "indicator" @@ -24075,7 +23600,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400738779Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:18:52.122Z\",\"description\":\"TS ID: 55328307475; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--e4109b4c-b56f-4f16-818f-0db54e50f5e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-55\"],\"modified\":\"2020-02-20T05:18:52.122Z\",\"name\":\"mal_url: http://tailuong.com.vn/.gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://tailuong.com.vn/.gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:18:52.122Z\"}", "type": "indicator" 
@@ -24127,7 +23651,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400739588Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:19:37.033Z\",\"description\":\"TS ID: 55328307484; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--4c7e5535-9899-4967-86bb-e303b03a1122\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:19:37.033Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work3/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work3/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:37.033Z\"}", "type": "indicator" @@ -24179,7 +23702,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400740404Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:19:37.099Z\",\"description\":\"TS ID: 55328307477; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--ea537667-1f37-4050-bb51-85fee813e39c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T05:19:37.099Z\",\"name\":\"mal_url: http://epperfums.com/duck/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/duck/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:37.099Z\"}", "type": "indicator" 
@@ -24231,7 +23753,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400741130Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:19:44.991Z\",\"description\":\"TS ID: 55328307478; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--b6919ef9-68eb-48f5-9bc5-cdb35182e3d5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-20T05:19:44.991Z\",\"name\":\"mal_url: http://epperfums.com/dull/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/dull/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:44.991Z\"}", "type": "indicator" @@ -24283,7 +23804,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400741981Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:19:49.844Z\",\"description\":\"TS ID: 55330801566; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--ddf3b3c7-d5f7-42d7-b013-767315de4745\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-63\"],\"modified\":\"2020-02-20T05:19:49.844Z\",\"name\":\"mal_url: http://f0404175.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0404175.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:49.844Z\"}", "type": "indicator" 
@@ -24334,7 +23854,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400742711Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:19:58.679Z\",\"description\":\"TS ID: 55330801607; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--12edd75d-2558-498f-93a6-b628c3a21f85\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:19:58.679Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/lmark/frega/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/lmark/frega/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:19:58.679Z\"}", "type": "indicator" @@ -24386,7 +23905,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400743509Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:21:46.589Z\",\"description\":\"TS ID: 55328307479; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime\",\"id\":\"indicator--7a99b0ea-a361-4d6f-9c75-a1cd9ac41b1b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:21:46.589Z\",\"name\":\"mal_url: http://brokenhead.xyz/Work8/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenhead.xyz/Work8/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:21:46.589Z\"}", "type": "indicator" 
@@ -24438,7 +23956,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400744259Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:22:19.894Z\",\"description\":\"TS ID: 55330801609; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--09479a9a-0c30-4029-a396-afa64343f065\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:22:19.894Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/lmark/em/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/lmark/em/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:22:19.894Z\"}", "type": "indicator" @@ -24490,7 +24007,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400745063Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:24:01.214Z\",\"description\":\"TS ID: 55330801569; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--434af7fc-410e-404d-8c8c-8875f92cb0c0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-20T05:24:01.214Z\",\"name\":\"mal_url: http://f0402912.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0402912.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:01.214Z\"}", "type": "indicator" 
@@ -24541,7 +24057,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400745806Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:24:21.239Z\",\"description\":\"TS ID: 55330801567; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--3ea0e805-8fa3-40ce-84e5-bf39318f35a6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-64\"],\"modified\":\"2020-02-20T05:24:21.239Z\",\"name\":\"mal_url: http://f0404052.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0404052.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:21.239Z\"}", "type": "indicator" @@ -24592,7 +24107,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400746547Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:24:33.205Z\",\"description\":\"TS ID: 55330801581; iType: mal_url; State: active; Org: Media Antar Nusa PT.; Source: CyberCrime\",\"id\":\"indicator--b9cccc62-550f-4f5b-bb32-f580c23fe382\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-20T05:24:33.205Z\",\"name\":\"mal_url: http://sariincofood.co.id/oxo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sariincofood.co.id/oxo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:33.205Z\"}", "type": "indicator" 
@@ -24644,7 +24158,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400747395Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:24:35.843Z\",\"description\":\"TS ID: 55330801559; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--314ecb7a-db3a-4a64-9c0c-1361891c26c3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-59\"],\"modified\":\"2020-02-20T05:24:35.843Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:35.843Z\"}", "type": "indicator" @@ -24689,7 +24202,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400748184Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:24:47.629Z\",\"description\":\"TS ID: 55330801610; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime\",\"id\":\"indicator--d594d88f-2e74-4539-99a3-7fc7ae29ac7f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:24:47.629Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/lmark/aps/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/lmark/aps/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:47.629Z\"}", "type": "indicator" 
@@ -24741,7 +24253,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400749046Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:24:47.645Z\",\"description\":\"TS ID: 55330801575; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--d20e7f50-caac-4054-b816-6f4a9a9283b9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-20T05:24:47.645Z\",\"name\":\"mal_url: http://thefieldagent.net/ys/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://thefieldagent.net/ys/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:24:47.645Z\"}", "type": "indicator" @@ -24793,7 +24304,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400749862Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:25:26.502Z\",\"description\":\"TS ID: 55328307491; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--fb3209c5-4de8-4554-9bb4-ed8cc2b19915\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-80\"],\"modified\":\"2020-02-20T05:25:26.502Z\",\"name\":\"mal_url: http://instaboom-hello.site/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://instaboom-hello.site/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:25:26.502Z\"}", "type": "indicator" 
@@ -24845,7 +24355,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400750697Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:25:26.525Z\",\"description\":\"TS ID: 55328307488; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--592a57f8-b59a-4018-9167-307225a207ef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-20T05:25:26.525Z\",\"name\":\"mal_url: http://biznetvgator.com/greets/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://biznetvgator.com/greets/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:25:26.525Z\"}", "type": "indicator" @@ -24897,7 +24406,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400751489Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:25:29.508Z\",\"description\":\"TS ID: 55328307495; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime\",\"id\":\"indicator--56e543f4-111a-4764-af25-ee784f35a7c6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-20T05:25:29.508Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/azrt/emma/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/azrt/emma/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:25:29.508Z\"}", "type": "indicator" 
@@ -24949,7 +24457,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400752268Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-20T05:25:29.532Z\",\"description\":\"TS ID: 55328307487; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--a2e1a901-7ad5-4be0-9fad-7e83cb7d35a7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-20T05:25:29.532Z\",\"name\":\"mal_url: http://brokenbrains.xyz/Pablo/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://brokenbrains.xyz/Pablo/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-20T05:25:29.532Z\"}", "type": "indicator" @@ -25001,7 +24508,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400753290Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:51:41.341Z\",\"description\":\"TS ID: 55333174445; iType: mal_url; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--84d5a06f-cbc3-4504-b0d0-ea23b99182ba\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-21T02:51:41.341Z\",\"name\":\"mal_url: http://nenengdsa.ug/QnSrw25SkhlxsF5P/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nenengdsa.ug/QnSrw25SkhlxsF5P/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:51:41.341Z\"}", "type": "indicator" 
@@ -25053,7 +24559,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400754072Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:51:50.176Z\",\"description\":\"TS ID: 55333174449; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--56cda4af-704b-41e7-8cc3-6140c163a22a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-21T02:51:50.176Z\",\"name\":\"mal_url: http://j1041747.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://j1041747.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:51:50.176Z\"}", "type": "indicator" @@ -25104,7 +24609,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400754888Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:51:50.296Z\",\"description\":\"TS ID: 55333174441; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--3a6903d8-e46b-4918-a99d-21ae21465bde\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-70\"],\"modified\":\"2020-02-21T02:51:50.296Z\",\"name\":\"mal_url: http://sadhate.zzz.com.ua/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sadhate.zzz.com.ua/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:51:50.296Z\"}", "type": "indicator" 
@@ -25156,7 +24660,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400755802Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:52:28.296Z\",\"description\":\"TS ID: 55333174457; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ec1f4e5c-0878-4dcf-9141-4a83b8abeb2c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-21T02:52:28.296Z\",\"name\":\"mal_url: http://groysman.club/host/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://groysman.club/host/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:28.296Z\"}", "type": "indicator" @@ -25208,7 +24711,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400757029Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:52:31.697Z\",\"description\":\"TS ID: 55333174438; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--40502e97-56ae-4194-81d7-fc08ebff68c1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-21T02:52:31.697Z\",\"name\":\"mal_url: http://nortonlilly.info/ace/ts/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/ace/ts/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:31.697Z\"}", "type": "indicator" 
@@ -25260,7 +24762,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400757898Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:52:33.704Z\",\"description\":\"TS ID: 55333174439; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--d9ed2a5f-0f87-4d87-adec-7a925fc848e4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-21T02:52:33.704Z\",\"name\":\"mal_url: http://zdwallcoveing.com/cream/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://zdwallcoveing.com/cream/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:33.704Z\"}", "type": "indicator" @@ -25312,7 +24813,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400758694Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:52:34.992Z\",\"description\":\"TS ID: 55333174446; iType: mal_ip; State: active; Org: Aksinet Ltd.; Source: CyberCrime\",\"id\":\"indicator--097b92f4-6865-49db-8e59-2a89df364749\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-02-21T02:52:34.992Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:34.992Z\"}", "type": "indicator" 
@@ -25357,7 +24857,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400759779Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:52:35.038Z\",\"description\":\"TS ID: 55333174442; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--03ea9edc-6654-4287-b452-988c85380295\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-60\"],\"modified\":\"2020-02-21T02:52:35.038Z\",\"name\":\"mal_url: http://jusper.zzz.com.ua/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jusper.zzz.com.ua/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:35.038Z\"}", "type": "indicator" @@ -25409,7 +24908,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400760619Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:52:38.593Z\",\"description\":\"TS ID: 55333174440; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--99f64515-7513-4764-b278-987c5df8484b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-21T02:52:38.593Z\",\"name\":\"mal_url: http://azur.kl.com.ua/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://azur.kl.com.ua/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:52:38.593Z\"}", "type": "indicator" 
@@ -25461,7 +24959,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400761401Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:53:25.758Z\",\"description\":\"TS ID: 55333174450; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--afdd7c21-d8c6-419e-84be-5c8b2ce1a829\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-21T02:53:25.758Z\",\"name\":\"mal_url: http://d98527ix.beget.tech/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://d98527ix.beget.tech/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:25.758Z\"}", "type": "indicator" @@ -25512,7 +25009,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400762231Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:53:31.865Z\",\"description\":\"TS ID: 55333174452; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--858c680e-7b33-4345-b23c-bbc2a1efb9e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-21T02:53:31.865Z\",\"name\":\"mal_url: http://corpcougar.com/new/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/new/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:31.865Z\"}", "type": "indicator" 
@@ -25564,7 +25060,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400763118Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:53:31.9Z\",\"description\":\"TS ID: 55333174443; iType: mal_url; State: active; Org: Fanavari Server Pars Argham Company Gostar Ltd.; Source: CyberCrime\",\"id\":\"indicator--4a97fc3d-210e-4367-ad04-f1b966433a32\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-21T02:53:31.9Z\",\"name\":\"mal_url: http://perca.ir/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://perca.ir/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:31.9Z\"}", "type": "indicator" @@ -25616,7 +25111,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400763971Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:53:40.48Z\",\"description\":\"TS ID: 55333174451; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--51994ab0-1f97-4bcb-9f24-9fcd3d2364aa\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-21T02:53:40.48Z\",\"name\":\"mal_url: http://zdwallcoveing.com/clock/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://zdwallcoveing.com/clock/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:40.48Z\"}", "type": "indicator" 
@@ -25668,7 +25162,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400764794Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:53:42.327Z\",\"description\":\"TS ID: 55333174456; iType: mal_url; State: active; Org: WebHS; Source: CyberCrime\",\"id\":\"indicator--c9d733d6-25c7-4306-9246-c08194e3073a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-21T02:53:42.327Z\",\"name\":\"mal_url: http://livdecor.pt/ali/Panel/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://livdecor.pt/ali/Panel/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:42.327Z\"}", "type": "indicator" @@ -25720,7 +25213,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400765643Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:53:58.967Z\",\"description\":\"TS ID: 55333174444; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--1322e66c-185d-4f46-80d4-d5751722d4cf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-21T02:53:58.967Z\",\"name\":\"mal_url: http://liweff.eu/kp/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://liweff.eu/kp/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:53:58.967Z\"}", "type": "indicator" 
@@ -25772,7 +25264,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400766573Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:54:44.049Z\",\"description\":\"TS ID: 55333174436; iType: mal_url; State: active; Org: 1\u00261 Internet AG; Source: CyberCrime\",\"id\":\"indicator--733d93ce-6ce8-4272-b564-b09818dbdbbb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-20\"],\"modified\":\"2020-02-21T02:54:44.049Z\",\"name\":\"mal_url: http://89.160.20.156/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:54:44.049Z\"}", "type": "indicator" @@ -25824,7 +25315,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400767354Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-21T02:54:44.075Z\",\"description\":\"TS ID: 55333174435; iType: mal_ip; State: active; Org: WebHS; Source: CyberCrime\",\"id\":\"indicator--fc0b39d5-d097-4e61-a4cd-970929467bad\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-50\"],\"modified\":\"2020-02-21T02:54:44.075Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-21T02:54:44.075Z\"}", "type": "indicator" 
@@ -25869,7 +25359,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400768132Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:52.6Z\",\"description\":\"TS ID: 55335562485; iType: mal_url; State: active; Org: PDR; Source: CyberCrime\",\"id\":\"indicator--92dd4ff2-7072-4262-b47d-b04cae8480e1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-52\"],\"modified\":\"2020-02-22T02:52:52.6Z\",\"name\":\"mal_url: http://missingandfound.com.my/urch/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://missingandfound.com.my/urch/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:52.6Z\"}", "type": "indicator" @@ -25921,7 +25410,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400769030Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:53.322Z\",\"description\":\"TS ID: 55335562462; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--122f6e46-781f-4d00-8247-6cf4047b0c9f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:52:53.322Z\",\"name\":\"mal_url: http://corpcougar.com/bin/pa/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://corpcougar.com/bin/pa/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:53.322Z\"}", "type": "indicator" 
@@ -25973,7 +25461,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400769894Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:53.756Z\",\"description\":\"TS ID: 55335562495; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--d5b42516-dfa2-499d-bc2b-c5c10617e7c9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-22T02:52:53.756Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/frega/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/frega/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:53.756Z\"}", "type": "indicator" @@ -26025,7 +25512,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400770722Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-22T02:52:53.779Z\",\"description\":\"TS ID: 55335562482; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--0668db3a-adb5-4e2e-b8f2-18e3870e2d7c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-22T02:52:53.779Z\",\"name\":\"mal_url: http://rotan.tech/explore/acm/balldrop/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://rotan.tech/explore/acm/balldrop/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:53.779Z\"}", "type": "indicator" 
@@ -26077,7 +25563,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400771553Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:52:59.853Z\",\"description\":\"TS ID: 55335562401; iType: mal_url; State: active; Org: BelCloud Hosting Corporation; Source: CyberCrime\",\"id\":\"indicator--679fd604-82cb-47cd-a968-e87e9cca7fac\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-22T02:52:59.853Z\",\"name\":\"mal_url: http://89.160.20.156/mpdu/index.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/mpdu/index.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:52:59.853Z\"}",
 "type": "indicator"
@@ -26129,7 +25614,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400772440Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:53:10.018Z\",\"description\":\"TS ID: 55335562492; iType: mal_ip; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--cdbffa12-c6c9-4723-807f-46b9672a23a2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-02-22T02:53:10.018Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:10.018Z\"}",
 "type": "indicator"
@@ -26174,7 +25658,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400773282Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:53:11.62Z\",\"description\":\"TS ID: 55335562491; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--2218c7b6-3e94-4885-9a70-1f724d8453cc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-22T02:53:11.62Z\",\"name\":\"mal_url: http://epperfums.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:11.62Z\"}",
 "type": "indicator"
@@ -26226,7 +25709,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400774144Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:53:34.685Z\",\"description\":\"TS ID: 55335562511; iType: mal_url; State: active; Org: T-Mobile Czech Republic; Source: CyberCrime\",\"id\":\"indicator--773fabfe-63b5-4681-8189-4dffad1747fc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-46\"],\"modified\":\"2020-02-22T02:53:34.685Z\",\"name\":\"mal_url: http://ccilfov.ro/css/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ccilfov.ro/css/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:34.685Z\"}",
 "type": "indicator"
@@ -26278,7 +25760,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400774980Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:53:34.733Z\",\"description\":\"TS ID: 55335562506; iType: mal_ip; State: active; Org: ChunkHost; Source: CyberCrime\",\"id\":\"indicator--5e32213f-5daa-4181-a108-0fc58482adcb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-22T02:53:34.733Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:34.733Z\"}",
 "type": "indicator"
@@ -26323,7 +25804,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400776021Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:53:34.767Z\",\"description\":\"TS ID: 55335562468; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--b07ae083-b56c-48b0-bfdb-6cf786978ce8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:53:34.767Z\",\"name\":\"mal_url: http://nortonlilly.info/zeya/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/zeya/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:34.767Z\"}",
 "type": "indicator"
@@ -26375,7 +25855,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400776840Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:53:36.179Z\",\"description\":\"TS ID: 55335562472; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--42e0fb49-dd09-4979-a4d0-ff310d14acf8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-22T02:53:36.179Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/adaba/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/adaba/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:36.179Z\"}",
 "type": "indicator"
@@ -26427,7 +25906,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400777675Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:53:45.219Z\",\"description\":\"TS ID: 55335562429; iType: mal_url; State: active; Org: OVH SAS; Source: CyberCrime\",\"id\":\"indicator--8d2d349a-763b-406b-ba8c-8ba684058028\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-73\"],\"modified\":\"2020-02-22T02:53:45.219Z\",\"name\":\"mal_url: http://51.83.200.179/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://51.83.200.179/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:45.219Z\"}",
 "type": "indicator"
@@ -26479,7 +25957,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400778562Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:53:56.922Z\",\"description\":\"TS ID: 55335562488; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--965a2554-cc08-488c-8d81-a29e8402eec1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-92\"],\"modified\":\"2020-02-22T02:53:56.922Z\",\"name\":\"mal_url: http://lighteniger.tech/hntspeed/mansft/paydy/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://lighteniger.tech/hntspeed/mansft/paydy/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:53:56.922Z\"}",
 "type": "indicator"
@@ -26531,7 +26008,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400779398Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:18.93Z\",\"description\":\"TS ID: 55335562502; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--e75aa726-cbb0-486f-ac25-947fc76fb5de\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-22T02:54:18.93Z\",\"name\":\"mal_url: http://paperblank.best/gHL6qufBKIulnp11/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://paperblank.best/gHL6qufBKIulnp11/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:18.93Z\"}",
 "type": "indicator"
@@ -26583,7 +26059,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400780266Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:18.975Z\",\"description\":\"TS ID: 55335562470; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime\",\"id\":\"indicator--9f6d9425-fc79-4493-8f95-81ac2a7ae188\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-56\"],\"modified\":\"2020-02-22T02:54:18.975Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:18.975Z\"}",
 "type": "indicator"
@@ -26628,7 +26103,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400781172Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:27.432Z\",\"description\":\"TS ID: 55335562494; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--1333f7e6-3af0-4aea-b798-a54f03d68ac5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-22T02:54:27.432Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/frega2/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/frega2/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:27.432Z\"}",
 "type": "indicator"
@@ -26680,7 +26154,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400782046Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:27.479Z\",\"description\":\"TS ID: 55335562474; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--f4e076ed-6393-49d5-adc2-cbe730ff48db\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-22T02:54:27.479Z\",\"name\":\"mal_url: http://castmart.ga/~zadmin/beta/herm/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://castmart.ga/~zadmin/beta/herm/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:27.479Z\"}",
 "type": "indicator"
@@ -26732,7 +26205,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400782871Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:29.634Z\",\"description\":\"TS ID: 55335562505; iType: mal_url; State: active; Org: ChunkHost; Source: CyberCrime\",\"id\":\"indicator--2b38be23-b226-460e-9b17-4480e930f271\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-22T02:54:29.634Z\",\"name\":\"mal_url: http://almondmilkoils.com/E6OCF8w8IPI6vxKa/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://almondmilkoils.com/E6OCF8w8IPI6vxKa/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:29.634Z\"}",
 "type": "indicator"
@@ -26784,7 +26256,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400783690Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:29.689Z\",\"description\":\"TS ID: 55335562500; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--0bfd644c-62ef-4f03-9d1d-304673d912f1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-22T02:54:29.689Z\",\"name\":\"mal_url: http://pay-robokassa.net/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pay-robokassa.net/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:29.689Z\"}",
 "type": "indicator"
@@ -26836,7 +26307,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400784597Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:47.42Z\",\"description\":\"TS ID: 55335562476; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--a15df968-dec6-4122-811e-1144011d0653\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:54:47.42Z\",\"name\":\"mal_url: http://nortonlilly.info/jb/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/jb/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:47.42Z\"}",
 "type": "indicator"
@@ -26888,7 +26358,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400785399Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:48.824Z\",\"description\":\"TS ID: 55335562428; iType: mal_url; State: active; Org: Hostkey B.v.; Source: CyberCrime\",\"id\":\"indicator--11fec449-039c-4d64-aefa-210e96074633\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-40\"],\"modified\":\"2020-02-22T02:54:48.824Z\",\"name\":\"mal_url: http://89.160.20.156/host/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/host/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:48.824Z\"}",
 "type": "indicator"
@@ -26940,7 +26409,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400786248Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:49.84Z\",\"description\":\"TS ID: 55335562466; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--5d04eb73-cda3-4f22-bcaf-604660d26343\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:54:49.84Z\",\"name\":\"mal_url: http://nortonlilly.info/ace1/st/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/ace1/st/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:49.84Z\"}",
 "type": "indicator"
@@ -26992,7 +26460,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400787132Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:51.052Z\",\"description\":\"TS ID: 55335562498; iType: mal_url; State: active; Org: Dedicated-servers; Source: CyberCrime\",\"id\":\"indicator--f7bafcb3-679f-4959-8ed0-d3d8b62eceef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-79\"],\"modified\":\"2020-02-22T02:54:51.052Z\",\"name\":\"mal_url: http://89.160.20.156/primfive/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/primfive/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:51.052Z\"}",
 "type": "indicator"
@@ -27044,7 +26511,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400787972Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:51.08Z\",\"description\":\"TS ID: 55335562469; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime\",\"id\":\"indicator--4913d346-5153-40a6-b5ab-9854e91f4ac6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-91\"],\"modified\":\"2020-02-22T02:54:51.08Z\",\"name\":\"mal_url: http://allenservice.ga/~zadmin/lmark/gold/uMc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://allenservice.ga/~zadmin/lmark/gold/uMc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:51.08Z\"}",
 "type": "indicator"
@@ -27096,7 +26562,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400788858Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:57.998Z\",\"description\":\"TS ID: 55335562501; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--abd1ec0d-3831-4ae8-93fd-fa22ed4d20fd\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-22T02:54:57.998Z\",\"name\":\"mal_url: http://dronius267.myjino.ru/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dronius267.myjino.ru/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:57.998Z\"}",
 "type": "indicator"
@@ -27148,7 +26613,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400789752Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:58.082Z\",\"description\":\"TS ID: 55335562493; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--21a62996-f4f5-4b77-be5d-4f84a7e7d084\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-22T02:54:58.082Z\",\"name\":\"mal_url: http://aladebtrading.com/loki/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://aladebtrading.com/loki/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:58.082Z\"}",
 "type": "indicator"
@@ -27200,7 +26664,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400790624Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:59.268Z\",\"description\":\"TS ID: 55335562496; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--7f70004c-d9ab-4f22-b3d8-511682528ccc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-75\"],\"modified\":\"2020-02-22T02:54:59.268Z\",\"name\":\"mal_url: http://89.160.20.156/primsix/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/primsix/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:59.268Z\"}",
 "type": "indicator"
@@ -27252,7 +26715,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400791405Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:54:59.71Z\",\"description\":\"TS ID: 55335562514; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--0c36d9c7-4938-49c0-9704-38aeaee90f95\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-22T02:54:59.71Z\",\"name\":\"mal_url: http://worldatdoor.in/nato/Pony/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/nato/Pony/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:54:59.71Z\"}",
 "type": "indicator"
@@ -27304,7 +26766,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400792243Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:55:06.175Z\",\"description\":\"TS ID: 55335562464; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--af30a658-0eea-4daf-b26f-26f060e56bc9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:55:06.175Z\",\"name\":\"mal_url: http://nortonlilly.info/jp/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://nortonlilly.info/jp/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:06.175Z\"}",
 "type": "indicator"
@@ -27356,7 +26817,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400793119Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:55:16.703Z\",\"description\":\"TS ID: 55335562478; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--6c50747b-39c8-48c7-9fdc-86427a702ce1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-22T02:55:16.703Z\",\"name\":\"mal_url: http://worldatdoor.in/lewis1/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/lewis1/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:16.703Z\"}",
 "type": "indicator"
@@ -27408,7 +26868,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400793941Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:55:26.13Z\",\"description\":\"TS ID: 55335562507; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime\",\"id\":\"indicator--a2d5be60-5ee7-4dc6-b626-f5af241f2da0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-45\"],\"modified\":\"2020-02-22T02:55:26.13Z\",\"name\":\"mal_url: http://67.215.224.144/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://67.215.224.144/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:26.13Z\"}",
 "type": "indicator"
@@ -27459,7 +26918,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400794778Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:55:32.068Z\",\"description\":\"TS ID: 55335562512; iType: mal_url; State: active; Org: Host Sailor Ltd.; Source: CyberCrime\",\"id\":\"indicator--d1c9a2c5-972d-4de3-97b5-c8175e4a0c4c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-22T02:55:32.068Z\",\"name\":\"mal_url: http://abyng.com/mg/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://abyng.com/mg/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:32.068Z\"}",
 "type": "indicator"
@@ -27511,7 +26969,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400795561Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:55:34.073Z\",\"description\":\"TS ID: 55335562503; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime\",\"id\":\"indicator--bb1eb654-4bcc-4292-a65d-879efac8ff18\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-22T02:55:34.073Z\",\"name\":\"mal_ip: 192.168.118.182\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '192.168.118.182']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:34.073Z\"}",
 "type": "indicator"
@@ -27556,7 +27013,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400796429Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:55:37.882Z\",\"description\":\"TS ID: 55335562427; iType: mal_ip; State: active; Org: Host Sailor Ltd.; Source: CyberCrime\",\"id\":\"indicator--fdcefce4-18b5-4a39-9b8d-a8816fe4c411\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-76\"],\"modified\":\"2020-02-22T02:55:37.882Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:37.882Z\"}",
 "type": "indicator"
@@ -27601,7 +27057,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400797242Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:55:50.468Z\",\"description\":\"TS ID: 55335562509; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--8358dddf-0d73-48e3-b8cd-14dc1ba01c09\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-22T02:55:50.468Z\",\"name\":\"mal_url: http://d0lphin1337.xyz/autofarm/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://d0lphin1337.xyz/autofarm/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:50.468Z\"}",
 "type": "indicator"
@@ -27653,7 +27108,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400798074Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-22T02:55:52.759Z\",\"description\":\"TS ID: 55335562480; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--f1deba70-4cd9-42a2-877f-9036b38c72b4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-22T02:55:52.759Z\",\"name\":\"mal_url: http://worldatdoor.in/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://worldatdoor.in/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-22T02:55:52.759Z\"}",
 "type": "indicator"
@@ -27705,7 +27159,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400798958Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-23T02:51:55.106Z\",\"description\":\"TS ID: 55342497317; iType: mal_url; State: active; Org: Dedicated-servers; Source: CyberCrime\",\"id\":\"indicator--516caba2-8889-4f32-96e6-e4874a705085\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-23T02:51:55.106Z\",\"name\":\"mal_url: http://89.160.20.156/plugman/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/plugman/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:51:55.106Z\"}",
 "type": "indicator"
@@ -27757,7 +27210,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400799793Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-23T02:51:55.126Z\",\"description\":\"TS ID: 55342497247; iType: mal_url; State: active; Org: Clax Telecom Srl; Source: CyberCrime\",\"id\":\"indicator--7ad4e7c7-e202-4d04-8bae-c717d36610e2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-100\"],\"modified\":\"2020-02-23T02:51:55.126Z\",\"name\":\"mal_url: http://stampilam.ro/axe/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://stampilam.ro/axe/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:51:55.126Z\"}",
 "type": "indicator"
@@ -27809,7 +27261,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400800622Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-23T02:52:00.436Z\",\"description\":\"TS ID: 55342497248; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--015e9665-1524-4e79-841d-8038961e0250\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-23T02:52:00.436Z\",\"name\":\"mal_url: http://securesharing.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://securesharing.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:00.436Z\"}",
 "type": "indicator"
@@ -27861,7 +27312,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400801514Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-23T02:52:11.479Z\",\"description\":\"TS ID: 55342497260; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--457f24b0-3aff-4e1b-972b-80bbc70de290\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-23T02:52:11.479Z\",\"name\":\"mal_url: http://ivad.com.vn/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ivad.com.vn/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:11.479Z\"}",
 "type": "indicator"
@@ -27913,7 +27363,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400802675Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-23T02:52:31.664Z\",\"description\":\"TS ID: 55342497257; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--c48537ec-9991-441c-89e6-f41295aa8b88\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-02-23T02:52:31.664Z\",\"name\":\"mal_url: http://mediagift.vn/.bc/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mediagift.vn/.bc/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:31.664Z\"}",
 "type": "indicator"
@@ -27965,7 +27414,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400803526Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-23T02:52:36.705Z\",\"description\":\"TS ID: 55342497265; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--c580668f-1fd0-49e7-bea8-fe3effa1854a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:52:36.705Z\",\"name\":\"mal_url: http://fvrlink.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:36.705Z\"}",
 "type": "indicator"
@@ -28017,7 +27465,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400804356Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-23T02:52:38.725Z\",\"description\":\"TS ID: 55342497253; iType: mal_url; State: active; Org: PT. Dhecyber Flow Indonesia; Source: CyberCrime\",\"id\":\"indicator--97f5e99e-bdb3-4f2e-b9e6-b820f6c6e17c\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-02-23T02:52:38.725Z\",\"name\":\"mal_url: http://petroindonesia.co.id/xxx/xx/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://petroindonesia.co.id/xxx/xx/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:38.725Z\"}",
 "type": "indicator"
@@ -28069,7 +27516,6 @@
 },
 "event": {
 "category": "threat",
- "ingested": "2022-01-25T02:54:10.400805194Z",
 "kind": "enrichment",
 "original": "{\"created\":\"2020-02-23T02:52:43.45Z\",\"description\":\"TS ID: 55342497299; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--53d3da3c-985b-4045-bb67-cac32740c8a8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:52:43.45Z\",\"name\":\"mal_url: http://febvnxp.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:43.45Z\"}",
 "type": "indicator"
@@ -28121,7 +27567,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400806110Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:44.281Z\",\"description\":\"TS ID: 55342497255; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--19faa6b5-809f-4a97-9415-10aa8711a095\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-23T02:52:44.281Z\",\"name\":\"mal_url: http://mocdong.com.vn/gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mocdong.com.vn/gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:44.281Z\"}", "type": "indicator" @@ -28173,7 +27618,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400806946Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:46.455Z\",\"description\":\"TS ID: 55342497238; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--f023fd7f-9128-4b43-b8a4-4e18a33dbbf0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-23T02:52:46.455Z\",\"name\":\"mal_url: http://f0405406.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0405406.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:46.455Z\"}", "type": "indicator" 
@@ -28224,7 +27668,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400807796Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:52:55.747Z\",\"description\":\"TS ID: 55342497297; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--15290dad-dffe-413d-b14c-e1bcbf9c5f62\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:52:55.747Z\",\"name\":\"mal_url: http://febvnxp.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:52:55.747Z\"}", "type": "indicator" @@ -28276,7 +27719,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400808684Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:08.502Z\",\"description\":\"TS ID: 55342497311; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--d04b02bf-6282-4889-95d0-bcebf5f7f3a8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-23T02:53:08.502Z\",\"name\":\"mal_url: http://euromopy.tech/etty/black/download/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://euromopy.tech/etty/black/download/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:08.502Z\"}", "type": "indicator" 
@@ -28328,7 +27770,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400809565Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:08.537Z\",\"description\":\"TS ID: 55342497243; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime\",\"id\":\"indicator--b3da183c-cefb-4014-bc60-b838648be7b4\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-23T02:53:08.537Z\",\"name\":\"mal_url: http://mez.kl.com.ua/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mez.kl.com.ua/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:08.537Z\"}", "type": "indicator" @@ -28380,7 +27821,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400810398Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:08.568Z\",\"description\":\"TS ID: 55342497237; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--f18c4197-55ad-4dba-beaf-8b57fd984245\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-96\"],\"modified\":\"2020-02-23T02:53:08.568Z\",\"name\":\"mal_url: http://gimhon.ml/kcyi/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gimhon.ml/kcyi/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:08.568Z\"}", "type": "indicator" 
@@ -28432,7 +27872,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400811297Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:09.543Z\",\"description\":\"TS ID: 55342497304; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--a11a5e52-cd1d-4891-96a6-a9b78a260843\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:09.543Z\",\"name\":\"mal_url: http://febspxi.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:09.543Z\"}", "type": "indicator" @@ -28484,7 +27923,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400812142Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:09.578Z\",\"description\":\"TS ID: 55342497256; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--a5c5b970-919b-4464-b7db-694194d08632\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-23T02:53:09.578Z\",\"name\":\"mal_url: http://mirrapl.com/big/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mirrapl.com/big/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:09.578Z\"}", "type": "indicator" 
@@ -28536,7 +27974,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400812960Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:09.612Z\",\"description\":\"TS ID: 55342497234; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--60a33c8d-316e-4688-b9f8-e68c82aa36b3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:09.612Z\",\"name\":\"mal_url: http://terayu.tk/irkk/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://terayu.tk/irkk/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:09.612Z\"}", "type": "indicator" @@ -28588,7 +28025,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400813743Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:12.354Z\",\"description\":\"TS ID: 55342497239; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime\",\"id\":\"indicator--1d8670e2-50f8-4595-bdb1-7152df77d2a7\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-81\"],\"modified\":\"2020-02-23T02:53:12.354Z\",\"name\":\"mal_url: http://f0405230.xsph.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://f0405230.xsph.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:12.354Z\"}", "type": "indicator" 
@@ -28639,7 +28075,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400814838Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:17.566Z\",\"description\":\"TS ID: 55342497249; iType: mal_url; State: active; Org: Media Antar Nusa PT.; Source: CyberCrime\",\"id\":\"indicator--f04e05b1-5cb4-4e30-8d2e-0e1b1bae7523\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-23T02:53:17.566Z\",\"name\":\"mal_url: http://sariincofood.co.id/xx/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://sariincofood.co.id/xx/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:17.566Z\"}", "type": "indicator" @@ -28691,7 +28126,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400815674Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:19.805Z\",\"description\":\"TS ID: 55342497293; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ebf656cd-162d-40e8-8c3a-272285600583\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:53:19.805Z\",\"name\":\"mal_url: http://febvnxp.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:19.805Z\"}", "type": "indicator" 
@@ -28743,7 +28177,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400816514Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:27.698Z\",\"description\":\"TS ID: 55342497315; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--fb9e5c00-6b18-456e-9503-1a2a74d23642\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-23T02:53:27.698Z\",\"name\":\"mal_url: http://89.160.20.156/primone/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/primone/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:27.698Z\"}", "type": "indicator" @@ -28795,7 +28228,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400817344Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:27.735Z\",\"description\":\"TS ID: 55342497263; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--ff626727-4888-4cba-9257-470f0a70891a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:27.735Z\",\"name\":\"mal_url: http://fvrlink.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:27.735Z\"}", "type": "indicator" 
@@ -28847,7 +28279,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400818213Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:40.401Z\",\"description\":\"TS ID: 55342497262; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--4ec240b7-0fb7-4d38-8312-841d8f43886b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:40.401Z\",\"name\":\"mal_url: http://fvrlink.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:40.401Z\"}", "type": "indicator" @@ -28899,7 +28330,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400819041Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:40.432Z\",\"description\":\"TS ID: 55342497245; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--9d14574f-9af7-493d-84a2-f631570f1940\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-61\"],\"modified\":\"2020-02-23T02:53:40.432Z\",\"name\":\"mal_url: http://transwesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://transwesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:40.432Z\"}", "type": "indicator" 
@@ -28951,7 +28381,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400819910Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:40.453Z\",\"description\":\"TS ID: 55342497232; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--e6333eb1-1ff7-4131-94cd-5e5d53bff58f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-23T02:53:40.453Z\",\"name\":\"mal_url: http://mactreher.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mactreher.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:40.453Z\"}", "type": "indicator" @@ -29002,7 +28431,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400820832Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:42.405Z\",\"description\":\"TS ID: 55342497305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--c5e5054b-f15b-4c96-a753-3b3562f66488\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:42.405Z\",\"name\":\"mal_url: http://febspxi.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:42.405Z\"}", "type": "indicator" 
@@ -29054,7 +28482,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400821685Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:42.443Z\",\"description\":\"TS ID: 55342497235; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--d672c0ee-1501-4276-bd9d-dbdd27a11a7d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:42.443Z\",\"name\":\"mal_url: http://himkon.cf/kcyi/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://himkon.cf/kcyi/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:42.443Z\"}", "type": "indicator" @@ -29106,7 +28533,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400822585Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:47.65Z\",\"description\":\"TS ID: 55342497244; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--9ebd5fa7-5308-48f6-80a2-84c18572d4b6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-68\"],\"modified\":\"2020-02-23T02:53:47.65Z\",\"name\":\"mal_url: http://wesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://wesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:47.65Z\"}", "type": "indicator" 
@@ -29158,7 +28584,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400823423Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:53:53.437Z\",\"description\":\"TS ID: 55342497268; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--e00da1fa-88c4-4327-b415-71d3499ab5d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:53:53.437Z\",\"name\":\"mal_url: http://fvrlink.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:53:53.437Z\"}", "type": "indicator" @@ -29210,7 +28635,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400824307Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:02.069Z\",\"description\":\"TS ID: 55342497250; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--6d4b1407-6885-4030-beae-43747e458b8a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-23T02:54:02.069Z\",\"name\":\"mal_url: http://portalcafecomnoticias.com.br/test/js/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://portalcafecomnoticias.com.br/test/js/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:02.069Z\"}", "type": "indicator" 
@@ -29262,7 +28686,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400825165Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:09.172Z\",\"description\":\"TS ID: 55342497312; iType: mal_url; State: active; Org: Unified Layer; Source: CyberCrime\",\"id\":\"indicator--8dd72fce-4734-40a1-8e73-cf44c9319fe1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-54\"],\"modified\":\"2020-02-23T02:54:09.172Z\",\"name\":\"mal_url: http://esenciamaya.com/leo/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://esenciamaya.com/leo/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:09.172Z\"}", "type": "indicator" @@ -29314,7 +28737,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400825993Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:15.807Z\",\"description\":\"TS ID: 55342497294; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--27b834b0-4113-4eca-8989-d7ada85d0779\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:54:15.807Z\",\"name\":\"mal_url: http://febvnxp.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:15.807Z\"}", "type": "indicator" 
@@ -29366,7 +28788,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400826909Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:17.76Z\",\"description\":\"TS ID: 55342497307; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--56334c71-2f84-4e09-a6cc-017577b99970\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:54:17.76Z\",\"name\":\"mal_url: http://febspxi.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:17.76Z\"}", "type": "indicator" @@ -29418,7 +28839,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400827742Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:19.374Z\",\"description\":\"TS ID: 55342497313; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime\",\"id\":\"indicator--12abfac3-5251-45f4-bfde-20e3081d0f29\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-54\"],\"modified\":\"2020-02-23T02:54:19.374Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:19.374Z\"}", "type": "indicator" 
@@ -29463,7 +28883,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400828745Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:25.477Z\",\"description\":\"TS ID: 55342497258; iType: mal_url; State: active; Org: InMotion Hosting; Source: CyberCrime\",\"id\":\"indicator--8b4fe873-9b07-4985-9818-291623fc07b9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-82\"],\"modified\":\"2020-02-23T02:54:25.477Z\",\"name\":\"mal_url: http://mawa2ef.com/core/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://mawa2ef.com/core/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:25.477Z\"}", "type": "indicator" @@ -29515,7 +28934,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400829667Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:39.696Z\",\"description\":\"TS ID: 55342497298; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--c3486bc6-ca92-469f-b0d0-fd8f5cd81580\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-87\"],\"modified\":\"2020-02-23T02:54:39.696Z\",\"name\":\"mal_url: http://febvnxp.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febvnxp.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:39.696Z\"}", "type": "indicator" 
@@ -29567,7 +28985,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400830539Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:39.976Z\",\"description\":\"TS ID: 55342497308; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--0748270e-f010-4598-a389-553d3fffcb48\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:54:39.976Z\",\"name\":\"mal_url: http://febspxi.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:39.976Z\"}", "type": "indicator" @@ -29619,7 +29036,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400831396Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:40.035Z\",\"description\":\"TS ID: 55342497254; iType: mal_ip; State: active; Org: PT. Dhecyber Flow Indonesia; Source: CyberCrime\",\"id\":\"indicator--cd075ee5-9b9f-4203-a9a3-c9592a6f6941\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-02-23T02:54:40.035Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:40.035Z\"}", "type": "indicator" 
@@ -29664,7 +29080,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400832174Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:40.281Z\",\"description\":\"TS ID: 55342497241; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime\",\"id\":\"indicator--ed6fe1be-e6b6-436e-9d8f-f2440d34b32f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-23T02:54:40.281Z\",\"name\":\"mal_url: http://dabain.live/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://dabain.live/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:40.281Z\"}", "type": "indicator" @@ -29716,7 +29131,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400833068Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:48.232Z\",\"description\":\"TS ID: 55342497251; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime\",\"id\":\"indicator--3e220a1d-3d12-4baf-984e-90a3b7431aff\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-59\"],\"modified\":\"2020-02-23T02:54:48.232Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:48.232Z\"}", "type": "indicator" 
@@ -29761,7 +29175,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400833847Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:53.263Z\",\"description\":\"TS ID: 55342497316; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--6bc71acc-f3da-4b79-bcc0-7ce4a4a4d4ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-23T02:54:53.263Z\",\"name\":\"mal_url: http://89.160.20.156/africa/logs/omc.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/africa/logs/omc.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:53.263Z\"}", "type": "indicator" @@ -29813,7 +29226,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400834692Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:54:54.071Z\",\"description\":\"TS ID: 55342497266; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--1fcdf65f-a35b-4556-a7cc-6c61084af334\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:54:54.071Z\",\"name\":\"mal_url: http://fvrlink.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:54:54.071Z\"}", "type": "indicator" 
@@ -29865,7 +29277,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400835526Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:00.871Z\",\"description\":\"TS ID: 55342497310; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime\",\"id\":\"indicator--b1974beb-95fb-42b7-b2c0-81f71643da88\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-23T02:55:00.871Z\",\"name\":\"mal_url: http://euromopy.tech/rosemond/backup/dataz/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://euromopy.tech/rosemond/backup/dataz/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:00.871Z\"}", "type": "indicator" @@ -29917,7 +29328,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400836414Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:00.907Z\",\"description\":\"TS ID: 55342497300; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--48501c24-3a05-4f0c-88f1-2a50eaa227ea\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:55:00.907Z\",\"name\":\"mal_url: http://febspxi.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://febspxi.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:00.907Z\"}", "type": "indicator" 
@@ -29969,7 +29379,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400837272Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:00.94Z\",\"description\":\"TS ID: 55342497242; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--6cfdb5ac-7f06-48e6-9ba6-67ade05e01d6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-67\"],\"modified\":\"2020-02-23T02:55:00.94Z\",\"name\":\"mal_url: http://ovdoker.myjino.ru/dashboard/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ovdoker.myjino.ru/dashboard/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:00.94Z\"}", "type": "indicator" @@ -30021,7 +29430,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400838243Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:03.894Z\",\"description\":\"TS ID: 55342497264; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--f48e2a6f-9af6-4b9c-b9a7-e2775d552731\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-23T02:55:03.894Z\",\"name\":\"mal_url: http://fvrlink.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://fvrlink.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:03.894Z\"}", "type": "indicator" 
@@ -30073,7 +29481,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400839144Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-23T02:55:15.714Z\",\"description\":\"TS ID: 55342497314; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--a3c0fc0a-ae59-495a-a9cc-b2dfe9a494ab\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-23T02:55:15.714Z\",\"name\":\"mal_url: http://epperfums.com/dino/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/dino/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-23T02:55:15.714Z\"}", "type": "indicator" @@ -30125,7 +29532,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400839996Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-24T02:54:25.932Z\",\"description\":\"TS ID: 55344292231; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--abe3e442-e923-4ad1-b4cb-3695a954a2a0\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-69\"],\"modified\":\"2020-02-24T02:54:25.932Z\",\"name\":\"mal_url: http://saind.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://saind.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-24T02:54:25.932Z\"}", "type": "indicator" 
@@ -30176,7 +29582,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400840775Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:18.371Z\",\"description\":\"TS ID: 55347597591; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--c19c0ccc-9df8-4804-83da-1c469d220574\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:52:18.371Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/7/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/7/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:18.371Z\"}", "type": "indicator" @@ -30228,7 +29633,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400841554Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:27.703Z\",\"description\":\"TS ID: 55347597548; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--00bee6fc-4a90-4160-8493-8176f8cf73ff\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:52:27.703Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/14/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/14/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:27.703Z\"}", "type": "indicator" 
@@ -30280,7 +29684,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400842344Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:27.729Z\",\"description\":\"TS ID: 55347597515; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--952cf095-32f4-4b10-8680-499ccd9f784f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-25T02:52:27.729Z\",\"name\":\"mal_url: http://pabloemino.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://pabloemino.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:27.729Z\"}", "type": "indicator" @@ -30332,7 +29735,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400843174Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:27.765Z\",\"description\":\"TS ID: 55347597501; iType: mal_url; State: active; Org: Swiftway Sp. z o.o.; Source: CyberCrime\",\"id\":\"indicator--7f18dccc-1649-44ea-b9c7-e445487506a2\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-43\"],\"modified\":\"2020-02-25T02:52:27.765Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:27.765Z\"}", "type": "indicator" 
@@ -30383,7 +29785,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400844019Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:27.808Z\",\"description\":\"TS ID: 55347597469; iType: mal_ip; State: active; Org: EuroByte LLC; Source: CyberCrime\",\"id\":\"indicator--4759e40a-5abd-49dc-90fd-2ba8bac1a613\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-25T02:52:27.808Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:27.808Z\"}", "type": "indicator" @@ -30428,7 +29829,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400844809Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:37.329Z\",\"description\":\"TS ID: 55347597509; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--ae58138e-b594-4519-adb0-6dbbd8377b75\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-02-25T02:52:37.329Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:37.329Z\"}", "type": "indicator" 
@@ -30473,7 +29873,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400845812Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:38.025Z\",\"description\":\"TS ID: 55347597663; iType: mal_ip; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--4c51e9ac-be12-496c-a2d0-7e3536243aef\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-39\"],\"modified\":\"2020-02-25T02:52:38.025Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:38.025Z\"}", "type": "indicator" @@ -30518,7 +29917,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400846642Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:38.053Z\",\"description\":\"TS ID: 55347597470; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--c36b85d9-df19-439b-8605-d7c4b0653977\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:52:38.053Z\",\"name\":\"mal_url: http://ayoobtextlie.com/clap/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:38.053Z\"}", "type": "indicator" 
@@ -30570,7 +29968,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400847461Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:38.531Z\",\"description\":\"TS ID: 55347597659; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime\",\"id\":\"indicator--862bddc3-1b58-45b2-a40d-502d50369e0e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-96\"],\"modified\":\"2020-02-25T02:52:38.531Z\",\"name\":\"mal_url: http://jusqit.com/2/panel/admin.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://jusqit.com/2/panel/admin.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:38.531Z\"}", "type": "indicator" @@ -30622,7 +30019,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400848359Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:38.564Z\",\"description\":\"TS ID: 55347597488; iType: mal_url; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime\",\"id\":\"indicator--d16f564b-6c1f-4515-97e7-d9a19515dd78\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-88\"],\"modified\":\"2020-02-25T02:52:38.564Z\",\"name\":\"mal_url: http://webupdateadobe.com/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://webupdateadobe.com/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:38.564Z\"}", "type": "indicator" 
@@ -30673,7 +30069,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400849190Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:40.276Z\",\"description\":\"TS ID: 55347597520; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--2c31e18b-164e-42bc-afd8-04815a33e043\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:52:40.276Z\",\"name\":\"mal_url: http://gsddfsfasa.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://gsddfsfasa.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:40.276Z\"}", "type": "indicator" @@ -30725,7 +30120,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400849972Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:40.317Z\",\"description\":\"TS ID: 55347597516; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--8b22f126-3c79-4d20-8e8c-96e50c384ddf\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-86\"],\"modified\":\"2020-02-25T02:52:40.317Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:40.317Z\"}", "type": "indicator" 
@@ -30770,7 +30164,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400850783Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:40.344Z\",\"description\":\"TS ID: 55347597474; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime\",\"id\":\"indicator--387937df-4030-4cfe-91b7-bd9795985adc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:52:40.344Z\",\"name\":\"mal_url: http://atlasdecarqo.com/chief5/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atlasdecarqo.com/chief5/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:40.344Z\"}", "type": "indicator" @@ -30822,7 +30215,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400851616Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:41.781Z\",\"description\":\"TS ID: 55347597465; iType: mal_ip; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--fca5d6b6-f486-4a46-a8a6-a1a6cb078a08\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-25T02:52:41.781Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:41.781Z\"}", "type": "indicator" 
@@ -30867,7 +30259,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400852392Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:52.59Z\",\"description\":\"TS ID: 55347597566; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--4f92667a-5e1b-4111-88d4-e3e04405e97a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:52:52.59Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/10/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/10/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:52.59Z\"}", "type": "indicator" @@ -30919,7 +30310,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400853194Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:52.623Z\",\"description\":\"TS ID: 55347597530; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime\",\"id\":\"indicator--04bc5b54-46ae-44d7-96a6-863481383436\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:52:52.623Z\",\"name\":\"mal_url: http://anypontop.com/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://anypontop.com/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:52.623Z\"}", "type": "indicator" 
@@ -30971,7 +30361,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400853969Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:52.674Z\",\"description\":\"TS ID: 55347597522; iType: mal_ip; State: active; Source: CyberCrime\",\"id\":\"indicator--65a5607b-388a-4789-98d0-84d77ee94047\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-83\"],\"modified\":\"2020-02-25T02:52:52.674Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:52.674Z\"}", "type": "indicator" @@ -31016,7 +30405,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400854887Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:52.712Z\",\"description\":\"TS ID: 55347597467; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--b70344da-8137-4550-b569-97f0e3020ab1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-25T02:52:52.712Z\",\"name\":\"mal_url: http://epperfums.com/deal/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/deal/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:52.712Z\"}", "type": "indicator" 
@@ -31068,7 +30456,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400855708Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:52:55.912Z\",\"description\":\"TS ID: 55347597506; iType: mal_ip; State: active; Org: Leaseweb Deutschland GmbH; Source: CyberCrime\",\"id\":\"indicator--3ff92876-fac4-49a6-ae80-d123206dc224\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-84\"],\"modified\":\"2020-02-25T02:52:55.912Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:52:55.912Z\"}", "type": "indicator" @@ -31113,7 +30500,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400856494Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:04.191Z\",\"description\":\"TS ID: 55347597485; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime\",\"id\":\"indicator--cb9b2721-6623-44c2-b1e5-143f2291738b\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-63\"],\"modified\":\"2020-02-25T02:53:04.191Z\",\"name\":\"mal_url: http://belt-yard-74.myjino.ru/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://belt-yard-74.myjino.ru/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:04.191Z\"}", "type": "indicator" 
@@ -31164,7 +30550,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400857349Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:12.657Z\",\"description\":\"TS ID: 55347597478; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime\",\"id\":\"indicator--04c56a59-3a16-4284-9edc-5445bb539ce5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:53:12.657Z\",\"name\":\"mal_url: http://atlasdecarqo.com/chief1/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atlasdecarqo.com/chief1/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:12.657Z\"}", "type": "indicator" @@ -31216,7 +30601,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400858198Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:15.804Z\",\"description\":\"TS ID: 55347597559; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--1989ffaf-19a7-4850-b142-d31758a3751f\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:53:15.804Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/11/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/11/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:15.804Z\"}", "type": "indicator" 
@@ -31268,7 +30652,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400858970Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:15.88Z\",\"description\":\"TS ID: 55347597483; iType: mal_ip; State: active; Org: Datalot; Source: CyberCrime\",\"id\":\"indicator--66939f56-1a6f-43d1-b7a4-277e3ac55584\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-77\"],\"modified\":\"2020-02-25T02:53:15.88Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:15.88Z\"}", "type": "indicator" @@ -31313,7 +30696,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400859772Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.191Z\",\"description\":\"TS ID: 55347597555; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--fe0a731e-e2ff-49ac-a597-150ce46a31fc\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:53:17.191Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/12/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/12/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.191Z\"}", "type": "indicator" 
@@ -31365,7 +30747,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400860647Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.224Z\",\"description\":\"TS ID: 55347597468; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--53d00201-4c9a-4275-9091-4cf08fda4676\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:53:17.224Z\",\"name\":\"mal_url: http://ayoobtextlie.com/clean/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/clean/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.224Z\"}", "type": "indicator" @@ -31417,7 +30798,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400861425Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.256Z\",\"description\":\"TS ID: 55347597466; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--4e154929-35ec-4f71-8793-6b861a9a98f1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-25T02:53:17.256Z\",\"name\":\"mal_url: http://epperfums.com/divide/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/divide/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.256Z\"}", "type": "indicator" 
@@ -31469,7 +30849,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400862209Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.916Z\",\"description\":\"TS ID: 55347597583; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--4ce097b7-254b-41cf-8c7d-934524548fd6\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:53:17.916Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/8/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/8/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.916Z\"}", "type": "indicator" @@ -31521,7 +30900,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400863055Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.952Z\",\"description\":\"TS ID: 55347597508; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--51f063d7-600f-43c3-9f88-92e4b3b603da\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:53:17.952Z\",\"name\":\"mal_url: http://petrouretro.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://petrouretro.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.952Z\"}", "type": "indicator" 
@@ -31573,7 +30951,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400863865Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:17.983Z\",\"description\":\"TS ID: 55347597481; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime\",\"id\":\"indicator--5c9b2227-96df-4cc8-ba6b-c23f4da9667a\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-72\"],\"modified\":\"2020-02-25T02:53:17.983Z\",\"name\":\"mal_url: http://imperiaskygarden.net/.choo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://imperiaskygarden.net/.choo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:17.983Z\"}", "type": "indicator" @@ -31625,7 +31002,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400864698Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:36.323Z\",\"description\":\"TS ID: 55347597534; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--751b74f4-ded7-426d-b425-cb9c2b3113a8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:53:36.323Z\",\"name\":\"mal_url: http://agmardorecha.pw/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://agmardorecha.pw/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:36.323Z\"}", "type": "indicator" 
@@ -31677,7 +31053,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400865527Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:36.382Z\",\"description\":\"TS ID: 55347597492; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime\",\"id\":\"indicator--4fcbf6f5-5acc-42da-acb0-497583b3388d\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-53\"],\"modified\":\"2020-02-25T02:53:36.382Z\",\"name\":\"mal_url: http://149.28.186.68/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://149.28.186.68/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:36.382Z\"}", "type": "indicator" @@ -31728,7 +31103,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400866317Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:36.421Z\",\"description\":\"TS ID: 55347597464; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime\",\"id\":\"indicator--713e0d5f-3842-410f-98d8-25fe0f5b15db\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-94\"],\"modified\":\"2020-02-25T02:53:36.421Z\",\"name\":\"mal_url: http://epperfums.com/dope/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://epperfums.com/dope/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:36.421Z\"}", "type": "indicator" 
@@ -31780,7 +31154,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400867161Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:53:42.111Z\",\"description\":\"TS ID: 55347597500; iType: mal_url; State: active; Source: CyberCrime\",\"id\":\"indicator--895a994a-7833-47fe-a832-fc3ce5f070a5\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-71\"],\"modified\":\"2020-02-25T02:53:42.111Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:53:42.111Z\"}", "type": "indicator" @@ -31831,7 +31204,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400867976Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:16.295Z\",\"description\":\"TS ID: 55347597622; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--86fd616d-f6a3-45ff-a3a8-db1aa59defd9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:54:16.295Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/4/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/4/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:16.295Z\"}", "type": "indicator" 
@@ -31883,7 +31255,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400868810Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:21.544Z\",\"description\":\"TS ID: 55347597482; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime\",\"id\":\"indicator--57fb3a6f-09ca-44a2-b309-724b570e1fd9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-74\"],\"modified\":\"2020-02-25T02:54:21.544Z\",\"name\":\"mal_url: http://klickus.com/bin/cgi/Panel/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://klickus.com/bin/cgi/Panel/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:21.544Z\"}", "type": "indicator" @@ -31935,7 +31306,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400869655Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:32.178Z\",\"description\":\"TS ID: 55347597608; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--1b2dfaef-5caa-4114-9634-cf2f9959dbfb\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:54:32.178Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/5/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/5/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:32.178Z\"}", "type": "indicator" 
@@ -31987,7 +31357,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400870421Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:37.327Z\",\"description\":\"TS ID: 55347597484; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--44544bfd-7131-4530-a9de-96c1840101c1\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:54:37.327Z\",\"name\":\"mal_url: http://ayoobtextlie.com/copy/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/copy/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:37.327Z\"}", "type": "indicator" @@ -32039,7 +31408,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400871205Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:37.383Z\",\"description\":\"TS ID: 55347597463; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--51779de2-0d07-4d60-abf6-afdc0dfc7637\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-90\"],\"modified\":\"2020-02-25T02:54:37.383Z\",\"name\":\"mal_url: http://0ooo.xyz/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://0ooo.xyz/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:37.383Z\"}", "type": "indicator" 
@@ -32090,7 +31458,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400872100Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:48.929Z\",\"description\":\"TS ID: 55347597475; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime\",\"id\":\"indicator--b7d14453-ad19-4246-961a-72f0e5136874\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:54:48.929Z\",\"name\":\"mal_url: http://atlasdecarqo.com/chief4/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atlasdecarqo.com/chief4/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:48.929Z\"}", "type": "indicator" @@ -32142,7 +31509,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400872928Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:54:54.632Z\",\"description\":\"TS ID: 55347597487; iType: mal_ip; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime\",\"id\":\"indicator--064f2766-97b6-481d-a273-f80a97524be8\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-02-25T02:54:54.632Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:54:54.632Z\"}", "type": "indicator" 
@@ -32187,7 +31553,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400873768Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:06.15Z\",\"description\":\"TS ID: 55347597650; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--3f3bca20-c218-431d-8250-0f600b011971\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:55:06.15Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/1/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/1/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:06.15Z\"}", "type": "indicator" @@ -32239,7 +31604,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400874613Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:06.186Z\",\"description\":\"TS ID: 55347597472; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime\",\"id\":\"indicator--6b3d6689-75e8-4f50-a1c0-f1a1e6158493\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-93\"],\"modified\":\"2020-02-25T02:55:06.186Z\",\"name\":\"mal_url: http://ayoobtextlie.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://ayoobtextlie.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:06.186Z\"}", "type": "indicator" 
@@ -32291,7 +31655,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400875528Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:06.314Z\",\"description\":\"TS ID: 55347597495; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime\",\"id\":\"indicator--1306883c-b911-4116-9121-492450e4bb07\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-56\"],\"modified\":\"2020-02-25T02:55:06.314Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:06.314Z\"}", "type": "indicator" @@ -32342,7 +31705,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400876315Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:27.523Z\",\"description\":\"TS ID: 55347597627; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime\",\"id\":\"indicator--d4a02ea1-435f-472e-8013-07e4e24f5a2e\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:55:27.523Z\",\"name\":\"mal_url: http://farsson.com/~zadmin/3/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://farsson.com/~zadmin/3/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:27.523Z\"}", "type": "indicator" 
@@ -32394,7 +31756,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400877141Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:35.424Z\",\"description\":\"TS ID: 55347597528; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime\",\"id\":\"indicator--1e8d894d-1e8b-4ba9-ae25-1e3e00c055ce\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-95\"],\"modified\":\"2020-02-25T02:55:35.424Z\",\"name\":\"mal_url: http://atomicwallet.email/login.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atomicwallet.email/login.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:35.424Z\"}", "type": "indicator" @@ -32446,7 +31807,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400878027Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:35.462Z\",\"description\":\"TS ID: 55347597489; iType: mal_url; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime\",\"id\":\"indicator--cb377636-13ce-421e-926f-e33e2b954263\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-47\"],\"modified\":\"2020-02-25T02:55:35.462Z\",\"name\":\"mal_url: http://89.160.20.156/login\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://89.160.20.156/login']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:35.462Z\"}", "type": "indicator" 
@@ -32497,7 +31857,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400878874Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:35.496Z\",\"description\":\"TS ID: 55347597477; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime\",\"id\":\"indicator--1163cdee-566a-404a-b66e-657857eb4af3\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-85\"],\"modified\":\"2020-02-25T02:55:35.496Z\",\"name\":\"mal_url: http://atlasdecarqo.com/chief2/five/PvqDq929BSx_A_D_M1n_a.php\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[url:value = 'http://atlasdecarqo.com/chief2/five/PvqDq929BSx_A_D_M1n_a.php']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:35.496Z\"}", "type": "indicator" @@ -32549,7 +31908,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:54:10.400879701Z", "kind": "enrichment", "original": "{\"created\":\"2020-02-25T02:55:39.691Z\",\"description\":\"TS ID: 55347597536; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime\",\"id\":\"indicator--3190b47c-44f4-4e7e-8bd5-7b16a62fd3e9\",\"labels\":[\"malicious-activity\",\"threatstream-severity-medium\",\"threatstream-confidence-89\"],\"modified\":\"2020-02-25T02:55:39.691Z\",\"name\":\"mal_ip: 89.160.20.156\",\"object_marking_refs\":[\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"],\"pattern\":\"[ipv4-addr:value = '89.160.20.156']\",\"type\":\"indicator\",\"valid_from\":\"2020-02-25T02:55:39.691Z\"}", "type": "indicator" diff --git a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml index 67e08bb29d5..fb63658f31a 100644 --- a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml 
@@ -4,9 +4,6 @@ processors: #################### # Event ECS fields # #################### - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version value: "8.2.0" diff --git a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json index d33c4172e4e..e611706406c 100644 --- a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json +++ b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json @@ -25,7 +25,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600257073Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -90,7 +89,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600259846Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -153,7 +151,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600262153Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -216,7 +213,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600263023Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -271,7 +267,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600263883Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -335,7 +330,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600264749Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -399,7 +393,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600265538Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -459,7 +452,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600266464Z", "kind": "enrichment", "severity": 9, "type": "indicator" 
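Review bot: After the `set` processor for `event.ingested` is removed from the limo `default.yml`, nothing visible in the pipeline says what populates the field instead. The identical removal in `packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml` has the same gap. Presumably the Fleet final pipeline now sets it, but the patch does not show that, so I would add a comment above the `ecs.version` processor such as `# event.ingested is intentionally not set here; it is expected to be added by the Fleet final pipeline`. For threat-intel data streams, detection rules that use `event.ingested` as a timestamp override and ingest-lag monitoring depend on the field, and the regenerated `*-expected.json` fixtures no longer assert it, so it is worth confirming that the package's minimum stack version guarantees it. Both pipelines continue outside their hunks.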
@@ -513,7 +505,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600267379Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -576,7 +567,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600268218Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -638,7 +628,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600269077Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -694,7 +683,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600270169Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -750,7 +738,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600271078Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -811,7 +798,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600271914Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -868,7 +854,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600272805Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -922,7 +907,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600273646Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -978,7 +962,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600274658Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1035,7 +1018,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600275528Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1091,7 +1073,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600276463Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -1147,7 +1128,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600277402Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -1202,7 +1182,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600278323Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1257,7 +1236,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600279162Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -1315,7 +1293,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600280062Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1370,7 +1347,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600281037Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1432,7 +1408,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600281928Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1489,7 +1464,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600282828Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1545,7 +1519,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600283722Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1600,7 +1573,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600284573Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1653,7 +1625,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600285476Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -1715,7 +1686,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600286371Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -1778,7 +1748,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600287543Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -1834,7 +1803,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600288430Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -1891,7 +1859,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600289385Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -1947,7 +1914,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600290283Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2001,7 +1967,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600291278Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2057,7 +2022,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600292177Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -2113,7 +2077,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600293132Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -2167,7 +2130,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600293984Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2222,7 +2184,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600294766Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -2283,7 +2244,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600295667Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2337,7 +2297,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600296451Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2393,7 +2352,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600297232Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2449,7 +2407,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600298010Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -2512,7 +2469,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600298797Z", "kind": "enrichment", "severity": 7, "type": "indicator" 
@@ -2568,7 +2524,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600299582Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -2629,7 +2584,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600300366Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2691,7 +2645,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600301141Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -2746,7 +2699,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600301932Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2801,7 +2753,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600302717Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -2857,7 +2808,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600303522Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -2913,7 +2863,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600304489Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -2974,7 +2923,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600305278Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -3029,7 +2977,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600306064Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -3083,7 +3030,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600306857Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3136,7 +3082,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600307669Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -3198,7 +3143,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600308451Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -3252,7 +3196,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600309240Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -3307,7 +3250,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600310032Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -3363,7 +3305,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600310824Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3418,7 +3359,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600311606Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3474,7 +3414,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600312401Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -3535,7 +3474,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600313190Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -3591,7 +3529,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600313976Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -3646,7 +3583,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600314779Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -3702,7 +3638,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600315569Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3758,7 +3693,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600316357Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3814,7 +3748,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600317149Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -3869,7 +3802,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600317956Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -3923,7 +3855,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600318756Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -3985,7 +3916,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600319597Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4039,7 +3969,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600320391Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4093,7 +4022,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600321180Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4148,7 +4076,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600321984Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -4209,7 +4136,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600322764Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -4264,7 +4190,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600323688Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4318,7 +4243,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600324472Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4374,7 +4298,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600325263Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4435,7 +4358,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600326109Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4492,7 +4414,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600331474Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4547,7 +4468,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600332759Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -4615,7 +4535,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600334254Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4677,7 +4596,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600335120Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4730,7 +4648,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600335966Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4789,7 +4706,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600336715Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -4851,7 +4767,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600337453Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4914,7 +4829,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600338394Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -4982,7 +4896,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600339146Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -5044,7 +4957,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600339877Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -5102,7 +5014,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600340619Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -5162,7 +5073,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600341414Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -5224,7 +5134,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600342153Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -5285,7 +5194,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600342895Z", "kind": "enrichment", "severity": 5, "type": "indicator" 
@@ -5346,7 +5254,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600343697Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -5406,7 +5313,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600344435Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -5467,7 +5373,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600345205Z", "kind": "enrichment", "severity": 5, "type": "indicator" @@ -5517,7 +5422,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600345957Z", "kind": "enrichment", "severity": 9, "type": "indicator" @@ -5565,7 +5469,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600346698Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -5615,7 +5518,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600347441Z", "kind": "enrichment", "severity": 7, "type": "indicator" @@ -5664,7 +5566,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600348185Z", "kind": "enrichment", "severity": 3, "type": "indicator" @@ -5714,7 +5615,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:56:33.600348920Z", "kind": "enrichment", "severity": 3, "type": "indicator" diff --git a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml index 99f45252c38..3a656473320 100644 --- a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml @@ -4,9 +4,6 @@ processors: # # Set basic ECS fields. # - - set: - field: event.ingested - value: "{{{ _ingest.timestamp }}}" - set: field: ecs.version value: "8.2.0" 
diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json index 66ecb8e207c..c488b957732 100644 --- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json +++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-attributes-ndjson.log-expected.json 
@@ -7,7 +7,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230583330Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload installation\",\"comment\":\"Contextual comment for the file md5 attribute\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3631\",\"first_seen\":null,\"id\":\"266258\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588162\",\"to_ids\":false,\"type\":\"md5\",\"uuid\":\"34c59b06-d35d-4808-919c-4b452f185c52\",\"value\":\"70461da8b94c6ca5d2fda3260c5a8c3b\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"1\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}", 
"type": "indicator" 
@@ -83,7 +82,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230585831Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"Artefact dropped for test 2\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3632\",\"first_seen\":null,\"id\":\"266259\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588675\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"73102a1c-7432-47b7-9644-6f9d46b6887c\",\"value\":\"60461da8b94c6ca5d2fda3260c5a8c3b\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"2\",\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"analysis\":\"2\",\"date\":\"2018-03-26\",\"distribution\":\"3\",\"id\":\"684\",\"info\":\"OSINT - Forgot About Default Accounts? 
No Worries, GoScanSSH Didn’t\",\"org_id\":\"1\",\"orgc_id\":\"2\",\"published\":true,\"threat_level_id\":\"3\",\"timestamp\":\"1523865236\",\"uuid\":\"5acdb4d0-b534-4713-9612-4a1d950d210f\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"4\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3632\",\"info\":\"Test event 2 just more atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1621588836\",\"uuid\":\"efbca287-edb5-4ad7-b8e4-fe9da514a763\"}}", "type": "indicator" 
@@ -159,7 +157,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230586982Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Network activity\",\"comment\":\"Conext for domain type attribute event 2\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3632\",\"first_seen\":null,\"id\":\"266260\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588744\",\"to_ids\":true,\"type\":\"domain\",\"uuid\":\"a52a1b47-a580-4f33-96ba-939cf9146c9b\",\"value\":\"baddom.madeup.local\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"2\",\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"analysis\":\"2\",\"date\":\"2018-03-26\",\"distribution\":\"3\",\"id\":\"684\",\"info\":\"OSINT - Forgot About Default Accounts? 
No Worries, GoScanSSH Didn’t\",\"org_id\":\"1\",\"orgc_id\":\"2\",\"published\":true,\"threat_level_id\":\"3\",\"timestamp\":\"1523865236\",\"uuid\":\"5acdb4d0-b534-4713-9612-4a1d950d210f\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"4\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3632\",\"info\":\"Test event 2 just more atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1621588836\",\"uuid\":\"efbca287-edb5-4ad7-b8e4-fe9da514a763\"}}", "type": "indicator" 
@@ -233,7 +230,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230587958Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Network activity\",\"comment\":\"Ip-src attribute context for event2\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3632\",\"first_seen\":null,\"id\":\"266261\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588800\",\"to_ids\":false,\"type\":\"ip-src\",\"uuid\":\"3dbf224b-7c84-4c4b-9f95-80f28954bd10\",\"value\":\"10.0.0.1\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"2\",\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"analysis\":\"2\",\"date\":\"2018-03-26\",\"distribution\":\"3\",\"id\":\"684\",\"info\":\"OSINT - Forgot About Default Accounts? 
No Worries, GoScanSSH Didn’t\",\"org_id\":\"1\",\"orgc_id\":\"2\",\"published\":true,\"threat_level_id\":\"3\",\"timestamp\":\"1523865236\",\"uuid\":\"5acdb4d0-b534-4713-9612-4a1d950d210f\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"4\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3632\",\"info\":\"Test event 2 just more atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1621588836\",\"uuid\":\"efbca287-edb5-4ad7-b8e4-fe9da514a763\"}}", "type": "indicator" 
@@ -305,7 +301,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230588923Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Network activity\",\"comment\":\"ip-dst context for event id 2\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3632\",\"first_seen\":null,\"id\":\"266262\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621588836\",\"to_ids\":true,\"type\":\"ip-dst\",\"uuid\":\"db4bfd36-7374-4f8c-9031-60e56d4bba30\",\"value\":\"192.168.1.50\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"2\",\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"analysis\":\"2\",\"date\":\"2018-03-26\",\"distribution\":\"3\",\"id\":\"684\",\"info\":\"OSINT - Forgot About Default Accounts? 
No Worries, GoScanSSH Didn’t\",\"org_id\":\"1\",\"orgc_id\":\"2\",\"published\":true,\"threat_level_id\":\"3\",\"timestamp\":\"1523865236\",\"uuid\":\"5acdb4d0-b534-4713-9612-4a1d950d210f\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"4\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3632\",\"info\":\"Test event 2 just more atrributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"2\",\"timestamp\":\"1621588836\",\"uuid\":\"efbca287-edb5-4ad7-b8e4-fe9da514a763\"}}", "type": "indicator" 
@@ -377,7 +372,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230589796Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266267\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"fullpath\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"ff97cc32-815e-4fc9-9d4b-cab9822027a6\",\"value\":\"\\\\the\\\\fullpath\\\\to the file\\\\filenameofobject.txt\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}", "type": "indicator" 
@@ -468,7 +462,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230590666Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266268\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"size-in-bytes\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":false,\"type\":\"size-in-bytes\",\"uuid\":\"e378b4d9-43e1-4c64-bd4e-70fce2b4e581\",\"value\":\"505050\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}", "type": "indicator" 
@@ -559,7 +552,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230591648Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266264\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"md5\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"787b3822-0bec-4278-b34a-5d649e7bce05\",\"value\":\"70461da8b94c6ca5d2fda3260c5a8c3b\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}", "type": "indicator" 
@@ -654,7 +646,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230592569Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266265\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"sha256\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":true,\"type\":\"sha256\",\"uuid\":\"657c5f2b-9d68-4ff7-a9ad-ab9e6a6c953e\",\"value\":\"f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}", "type": "indicator" 
@@ -749,7 +740,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230593432Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"filename contect for test event 3\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266263\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1621589229\",\"to_ids\":false,\"type\":\"filename\",\"uuid\":\"3b322e1a-1dd8-490c-ab96-12e1bc3ee6a3\",\"value\":\"thetestfile.txt\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"266266\",\"last_seen\":null,\"object_id\":\"18207\",\"object_relation\":\"filename\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621589548\",\"to_ids\":true,\"type\":\"filename\",\"uuid\":\"6648d129-9200-431b-9b41-263a84f7c9d2\",\"value\":\"filenameofobject.txt\"},\"ObjectReference\":[],\"comment\":\"File object for event 3\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3633\",\"first_seen\":null,\"id\":\"18207\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621589548\",\"uuid\":\"42a88ad4-6834-46a9-a18b-aff9e078a4ea\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"analysis\":\"0\",\"date\":\"2021-05-21\",\"distribution\":\"1\",\"id\":\"3631\",\"info\":\"Test event 1 just atrributes\",\"org_id\":\"1\",\"orgc_id\":\"1\",\"published\":false,\"threat_level_id\":\"1\",\"timestamp\":\"1621588162\",\"uuid\":\"8ca56ae9-3747-4172-93d2-808da1a4eaf3\"}}],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"6\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3633\",\"info\":\"Test event 3 objects and attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592532\",\"uuid\":\"4edb20c7-8175-484d-bdcd-fce6872c1ef3\"}}", "type": "indicator" 
@@ -842,7 +832,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230594419Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"266269\",\"last_seen\":null,\"object_id\":\"18208\",\"object_relation\":\"text\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621591770\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"25d2f181-26ae-4d6f-b4fd-85b9d1f82e67\",\"value\":\"Free text in the file object\"},\"ObjectReference\":[],\"comment\":\"File object for test event 4 \",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"18208\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621591770\",\"uuid\":\"190c762c-a389-4ecc-8f6e-68f92d42adef\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"3\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3634\",\"info\":\"Test event 4 with object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1621591770\",\"uuid\":\"d98a8418-9f90-4b50-a623-6921ca5b356d\"}}", "type": "indicator" 
@@ -915,7 +904,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230595495Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"266270\",\"last_seen\":null,\"object_id\":\"18208\",\"object_relation\":\"sha256\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621591770\",\"to_ids\":true,\"type\":\"sha256\",\"uuid\":\"4e579782-346b-44b3-b72c-1cae8d87cb25\",\"value\":\"567caa7653723f8818ec9eb6f2e27f6d9d8c0aca0c96fc457659340e7bbdc666\"},\"ObjectReference\":[],\"comment\":\"File object for test event 4 \",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"18208\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621591770\",\"uuid\":\"190c762c-a389-4ecc-8f6e-68f92d42adef\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"3\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3634\",\"info\":\"Test event 4 with 
object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1621591770\",\"uuid\":\"d98a8418-9f90-4b50-a623-6921ca5b356d\"}}", "type": "indicator" 
@@ -992,7 +980,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230596457Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"266271\",\"last_seen\":null,\"object_id\":\"18208\",\"object_relation\":\"filename\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621591770\",\"to_ids\":true,\"type\":\"filename\",\"uuid\":\"a40343b5-a480-4288-9b0c-7ae074a77140\",\"value\":\"filenameinmispobject.txt\"},\"ObjectReference\":[],\"comment\":\"File object for test event 4 \",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3634\",\"first_seen\":null,\"id\":\"18208\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621591770\",\"uuid\":\"190c762c-a389-4ecc-8f6e-68f92d42adef\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"3\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3634\",\"info\":\"Test event 4 with object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1621591770\",\"uuid\":\"d98a8418-9f90-4b50-a623-6921ca5b356d\"}}", "type": "indicator" 
@@ -1067,7 +1054,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230597351Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266272\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"text\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"188a6a15-5704-4e4f-acba-22c55ab08fe8\",\"value\":\"Object 5 free text attribute in object\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}", "type": "indicator" 
@@ -1140,7 +1126,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230598221Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266275\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"entropy\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":false,\"type\":\"float\",\"uuid\":\"2400b103-4a33-4f92-ac04-a558b6c6e252\",\"value\":\"0.53535445\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}", "type": "indicator" 
@@ -1213,7 +1198,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230599087Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266276\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"size-in-bytes\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":false,\"type\":\"size-in-bytes\",\"uuid\":\"e5ea3ec0-cdf4-4d3e-bd66-a7bf384fd3d7\",\"value\":\"55555\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}", "type": "indicator" 
@@ -1286,7 +1270,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230600067Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266273\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"sha256\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":true,\"type\":\"sha256\",\"uuid\":\"803f10bd-9087-4169-8699-277579a92693\",\"value\":\"567caa7653723f8818ec9eb6f2e27f6d9d8c0aca0c96fc457659340e7bbdc665\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an 
object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}", "type": "indicator" 
@@ -1363,7 +1346,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230600959Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":[],\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"266274\",\"last_seen\":null,\"object_id\":\"18209\",\"object_relation\":\"filename\",\"sharing_group_id\":\"0\",\"timestamp\":\"1621592379\",\"to_ids\":true,\"type\":\"filename\",\"uuid\":\"e5c7a9f0-c0e1-4024-9ab8-de8a1b403e4f\",\"value\":\"object5.txt\"},\"ObjectReference\":[],\"comment\":\"event 5 object comment\",\"deleted\":false,\"description\":\"File object describing a file with meta-information\",\"distribution\":\"5\",\"event_id\":\"3635\",\"first_seen\":null,\"id\":\"18209\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1621592379\",\"uuid\":\"a62cb6fb-fa1c-45ce-abb8-b46da23631d5\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"5\",\"date\":\"2021-05-21\",\"disable_correlation\":false,\"distribution\":\"1\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3635\",\"info\":\"Test event 5 with an object\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1621592379\",\"uuid\":\"8b8786f1-07f2-4bfc-a3f0-e63c22fcc25e\"}}", "type": "indicator" 
@@ -1438,7 +1420,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230601889Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266278\",\"last_seen\":null,\"object_id\":\"18210\",\"object_relation\":\"text\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200348\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"955e34a5-a630-42c9-868d-6e3dcb575987\",\"value\":\"Excutable create bad pipe\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18210\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1622200348\",\"uuid\":\"afe43d99-d8b6-47fa-8e7b-3d3ece2f8366\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1529,7 +1510,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230602838Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266281\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"size-in-bytes\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":false,\"type\":\"size-in-bytes\",\"uuid\":\"2fa7721b-ad73-4914-b082-8d44233ced98\",\"value\":\"3892\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1620,7 +1600,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230603710Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266283\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"name\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"d35c1ff8-a69c-482b-8fb0-1182988d9468\",\"value\":\".data\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1711,7 +1690,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230604580Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266284\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"text\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":false,\"type\":\"text\",\"uuid\":\"dc11971a-a676-4676-b24c-a45a8791e0b0\",\"value\":\"Extracted zip archive data\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1802,7 +1780,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230605464Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Other\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266285\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"entropy\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":false,\"type\":\"float\",\"uuid\":\"a85c0cbb-25a8-4bc9-b146-3cba1020e5bb\",\"value\":\"7.93280431051\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1893,7 +1870,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230606440Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266279\",\"last_seen\":null,\"object_id\":\"18210\",\"object_relation\":\"md5\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200348\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"1c97c043-5de2-41a1-b591-3237174cd290\",\"value\":\"7392463caf95534d56460bc9f360adc1\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18210\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1622200348\",\"uuid\":\"afe43d99-d8b6-47fa-8e7b-3d3ece2f8366\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -1988,7 +1964,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230607312Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266282\",\"last_seen\":null,\"object_id\":\"18211\",\"object_relation\":\"md5\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200780\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"f3b8696e-5390-4383-ace2-6e06bfae497d\",\"value\":\"7295463caf95534d56460bc9f360adc1\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"Object describing a section of a Portable 
Executable\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18211\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"pe-section\",\"sharing_group_id\":\"0\",\"template_uuid\":\"198a17d2-a135-4b25-9a32-5aa4e632014a\",\"template_version\":\"3\",\"timestamp\":\"1622200780\",\"uuid\":\"023be568-34d6-4df4-ae88-f4de0dbfcd9d\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" 
@@ -2083,7 +2058,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:17.230608196Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Artifacts dropped\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266277\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1622200249\",\"to_ids\":false,\"type\":\"windows-service-name\",\"uuid\":\"3bd56a61-77f0-4885-8d1c-8bd2e39b65fb\",\"value\":\"badmojopipe\"},\"EventReport\":[],\"Galaxy\":[],\"Object\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"\",\"deleted\":false,\"disable_correlation\":true,\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"266280\",\"last_seen\":null,\"object_id\":\"18210\",\"object_relation\":\"filename\",\"sharing_group_id\":\"0\",\"timestamp\":\"1622200348\",\"to_ids\":true,\"type\":\"filename\",\"uuid\":\"2dfcb937-e6af-4b5d-ad50-f8eb975990f3\",\"value\":\"badmojopipe.exe\"},\"ObjectReference\":[],\"comment\":\"\",\"deleted\":false,\"description\":\"File object describing a file with 
meta-information\",\"distribution\":\"5\",\"event_id\":\"3636\",\"first_seen\":null,\"id\":\"18210\",\"last_seen\":null,\"meta-category\":\"file\",\"name\":\"file\",\"sharing_group_id\":\"0\",\"template_uuid\":\"688c46fb-5edb-40a3-8273-1af7923e2215\",\"template_version\":\"22\",\"timestamp\":\"1622200348\",\"uuid\":\"afe43d99-d8b6-47fa-8e7b-3d3ece2f8366\"},\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"Orgc\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"78acad2d-cc2d-4785-94d6-b428a0070488\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"analysis\":\"0\",\"attribute_count\":\"9\",\"date\":\"2021-05-28\",\"disable_correlation\":false,\"distribution\":\"0\",\"event_creator_email\":\"admin@admin.test\",\"extends_uuid\":\"\",\"id\":\"3636\",\"info\":\"Test event 6 with multiple objects and multiple attributes\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"1\",\"proposal_email_lock\":false,\"publish_timestamp\":\"0\",\"published\":false,\"sharing_group_id\":\"0\",\"threat_level_id\":\"1\",\"timestamp\":\"1622200781\",\"uuid\":\"81aea1d1-bb23-4bcd-9b0c-496e9ce028df\"}}", "type": "indicator" diff --git a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json index b0a8b3e4e4e..34b6b4f9039 100644 --- a/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json +++ b/packages/ti_misp/data_stream/threat/_dev/test/pipeline/test-misp-sample-ndjson.log-expected.json 
@@ -7,7 +7,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443557812Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"Payload delivery\",\"comment\":\"- Xchecked via VT: a683494fc0d017fd3b4638f8b84caaaac145cc28bc211bd7361723368b4bb21e\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"5\",\"first_seen\":null,\"id\":\"351\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1503930272\",\"to_ids\":true,\"type\":\"md5\",\"uuid\":\"59a427a0-f6f8-4178-9e7d-dfd702de0b81\",\"value\":\"f2679bdabe46e10edc6352fff3c829bc\"},\"EventReport\":[],\"Galaxy\":[{\"GalaxyCluster\":[{\"authors\":[\"https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml\",\"http://pastebin.com/raw/GHgpWjar\",\"MISP Project\"],\"collection_uuid\":\"10cf658b-5d32-4c4b-bb32-61760a640372\",\"description\":\"It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS \\\\u003e Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com. 
CrySiS variant\",\"galaxy_id\":\"43\",\"id\":\"6619\",\"local\":false,\"meta\":{\"date\":[\"November 2016\"],\"encryption\":[\"AES + RSA-512\"],\"extensions\":[\".dharma\",\".wallet\",\".zzzzz\",\".cmb\",\".id-BCBEF350.[paymentbtc@firemail.cc].cmb\",\".bip\",\".id-BCBEF350.[Beamsell@qq.com].bip\",\".boost\",\".[Darknes@420blaze.it].waifu\",\".brrr\",\".adobe\",\".tron\",\".AUDIT\",\".cccmn\",\".fire\",\".myjob\",\".[cyberwars@qq.com].war\",\".risk\",\".RISK\",\".bkpx\",\".[newsantaclaus@aol.com].santa\"],\"payment-method\":[\"Bitcoin - Email\"],\"ransomnotes\":[\"all your data has been locked us\\\\nYou want to return?\\\\nwrite email paymentbtc@firemail.cc\",\"All your files have been encrypted!\\\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paymentbtc@firemail.cc\\\\nWrite this ID in the title of your message ACBFF130\\\\nIn case of no answer in 24 hours write us to theese e-mails:paymentbtc@firemail.cc\\\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\\\\nFree decryption as guarantee\\\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\\\\nHow to obtain Bitcoins\\\\nThe easiest way to buy bitcoins is LocalBitcoins site. 
You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\\\\nhttps://localbitcoins.com/buy_bitcoins\\\\nAlso you can find other places to buy Bitcoins and beginners guide here:\\\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/\\\\nAttention!\\\\nDo not rename encrypted files.\\\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.\",\"All your files have been encrypted!\\\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Beamsell@qq.com\\\\nWrite this ID in the title of your message BCBEF350\\\\nIn case of no answer in 24 hours write us to theese e-mails:Beamsell@qq.com\\\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. \\\\nFree decryption as guarantee\\\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) \\\\nHow to obtain Bitcoins\\\\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. \\\\nhttps://localbitcoins.com/buy_bitcoins \\\\nAlso you can find other places to buy Bitcoins and beginners guide here: \\\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/ \\\\nAttention!\\\\nDo not rename encrypted files. 
\\\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.\",\"all your data has been locked us\\\\nYou want to return?\\\\nwrite email Beamsell@qq.com\"],\"ransomnotes-filenames\":[\"README.txt\",\"README.jpg\",\"Info.hta\",\"FILES ENCRYPTED.txt\",\"INFO.hta\"],\"ransomnotes-refs\":[\"https://www.bleepstatic.com/images/news/ransomware/d/dharma/cmb/hta-ransom-note.jpg\",\"https://pbs.twimg.com/media/Dmof_FiXsAAAvTN.jpg\",\"https://pbs.twimg.com/media/Dmof_FyXsAEJmgQ.jpg\",\"https://pbs.twimg.com/media/DrWqLWzXgAc4SlG.jpg\",\"https://pbs.twimg.com/media/DuEBIMBW0AANnGW.jpg\"],\"refs\":[\"https://id-ransomware.blogspot.co.il/2016/11/dharma-ransomware.html\",\"https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/\",\"https://www.bleepingcomputer.com/news/security/new-cmb-dharma-ransomware-variant-released/\",\"https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/\",\"https://twitter.com/demonslay335/status/1049313390097813504\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/\",\"https://twitter.com/JakubKroustek/status/1038680437508501504\",\"https://twitter.com/demonslay335/status/1059521042383814657\",\"https://twitter.com/demonslay335/status/1059940414147489792\",\"https://twitter.com/JakubKroustek/status/1060825783197933568\",\"https://twitter.com/JakubKroustek/status/1064061275863425025\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/\",\"https://www.youtube.com/watch?v=qjoYtwLx2TI\",\"https://twitter.com/GrujaRS/status/1072139616910757888\
"]},\"source\":\"Various\",\"tag_id\":\"23\",\"tag_name\":\"misp-galaxy:ransomware=\\\"Dharma Ransomware\\\"\",\"type\":\"ransomware\",\"uuid\":\"2b365b2c-4a9a-4b66-804d-3b2d2814fe7b\",\"value\":\"Dharma Ransomware\",\"version\":\"86\"}],\"description\":\"Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml\",\"icon\":\"btc\",\"id\":\"43\",\"name\":\"Ransomware\",\"namespace\":\"misp\",\"type\":\"ransomware\",\"uuid\":\"3f44af2e-1480-4b6b-9aa8-f9bb21341078\",\"version\":\"4\"}],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"2\",\"local\":false,\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"Tag\":[{\"colour\":\"#0088cc\",\"exportable\":true,\"hide_tag\":false,\"id\":\"23\",\"local\":0,\"name\":\"misp-galaxy:ransomware=\\\"Dharma Ransomware\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#004646\",\"exportable\":true,\"hide_tag\":false,\"id\":\"21\",\"local\":0,\"name\":\"type:OSINT\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#ffffff\",\"exportable\":true,\"hide_tag\":false,\"id\":\"2\",\"local\":0,\"name\":\"tlp:white\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#2c4f00\",\"exportable\":true,\"hide_tag\":false,\"id\":\"24\",\"local\":0,\"name\":\"malware_classification:malware-category=\\\"Ransomware\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#00223b\",\"exportable\":true,\"hide_tag\":false,\"id\":\"3\",\"local\":0,\"name\":\"osint:source-type=\\\"blog - post\\\"\",\"numerical_value\":null,\"user_id\":\"0\"}],\"analysis\":\"2\",\"attribute_count\":\"7\",\"date\":\"2017-08-25\",\"disable_correlation\":false,\"distribution\":\"3\",\"extends_uuid\":\"\",\"id\":\"5\",\"info\":\"OSINT - New Arena Crysis Ransomware Variant 
Released\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"2\",\"proposal_email_lock\":false,\"publish_timestamp\":\"1603226331\",\"published\":true,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1503930276\",\"uuid\":\"59a3d08d-5dc8-4153-bc7c-456d950d210f\"}}", "type": "indicator" 
@@ -86,7 +85,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443560471Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"id\":\"10794\",\"type\":\"domain|ip\",\"category\":\"Network activity\",\"to_ids\":false,\"uuid\":\"5bf30242-8ef4-4c52-a2d7-0b7b0a016219\",\"event_id\":\"14\",\"distribution\":\"5\",\"timestamp\":\"1542652482\",\"comment\":\"1st stage\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"your-ip.getmyip.com|89.160.20.156\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"EventReport\":[],\"Galaxy\":[{\"GalaxyCluster\":[{\"authors\":[\"https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml\",\"http://pastebin.com/raw/GHgpWjar\",\"MISP Project\"],\"collection_uuid\":\"10cf658b-5d32-4c4b-bb32-61760a640372\",\"description\":\"It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS \\\\u003e Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com. 
CrySiS variant\",\"galaxy_id\":\"43\",\"id\":\"6619\",\"local\":false,\"meta\":{\"date\":[\"November 2016\"],\"encryption\":[\"AES + RSA-512\"],\"extensions\":[\".dharma\",\".wallet\",\".zzzzz\",\".cmb\",\".id-BCBEF350.[paymentbtc@firemail.cc].cmb\",\".bip\",\".id-BCBEF350.[Beamsell@qq.com].bip\",\".boost\",\".[Darknes@420blaze.it].waifu\",\".brrr\",\".adobe\",\".tron\",\".AUDIT\",\".cccmn\",\".fire\",\".myjob\",\".[cyberwars@qq.com].war\",\".risk\",\".RISK\",\".bkpx\",\".[newsantaclaus@aol.com].santa\"],\"payment-method\":[\"Bitcoin - Email\"],\"ransomnotes\":[\"all your data has been locked us\\\\nYou want to return?\\\\nwrite email paymentbtc@firemail.cc\",\"All your files have been encrypted!\\\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paymentbtc@firemail.cc\\\\nWrite this ID in the title of your message ACBFF130\\\\nIn case of no answer in 24 hours write us to theese e-mails:paymentbtc@firemail.cc\\\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\\\\nFree decryption as guarantee\\\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\\\\nHow to obtain Bitcoins\\\\nThe easiest way to buy bitcoins is LocalBitcoins site. 
You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\\\\nhttps://localbitcoins.com/buy_bitcoins\\\\nAlso you can find other places to buy Bitcoins and beginners guide here:\\\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/\\\\nAttention!\\\\nDo not rename encrypted files.\\\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.\",\"All your files have been encrypted!\\\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Beamsell@qq.com\\\\nWrite this ID in the title of your message BCBEF350\\\\nIn case of no answer in 24 hours write us to theese e-mails:Beamsell@qq.com\\\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. \\\\nFree decryption as guarantee\\\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) \\\\nHow to obtain Bitcoins\\\\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. \\\\nhttps://localbitcoins.com/buy_bitcoins \\\\nAlso you can find other places to buy Bitcoins and beginners guide here: \\\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/ \\\\nAttention!\\\\nDo not rename encrypted files. 
\\\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.\",\"all your data has been locked us\\\\nYou want to return?\\\\nwrite email Beamsell@qq.com\"],\"ransomnotes-filenames\":[\"README.txt\",\"README.jpg\",\"Info.hta\",\"FILES ENCRYPTED.txt\",\"INFO.hta\"],\"ransomnotes-refs\":[\"https://www.bleepstatic.com/images/news/ransomware/d/dharma/cmb/hta-ransom-note.jpg\",\"https://pbs.twimg.com/media/Dmof_FiXsAAAvTN.jpg\",\"https://pbs.twimg.com/media/Dmof_FyXsAEJmgQ.jpg\",\"https://pbs.twimg.com/media/DrWqLWzXgAc4SlG.jpg\",\"https://pbs.twimg.com/media/DuEBIMBW0AANnGW.jpg\"],\"refs\":[\"https://id-ransomware.blogspot.co.il/2016/11/dharma-ransomware.html\",\"https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/\",\"https://www.bleepingcomputer.com/news/security/new-cmb-dharma-ransomware-variant-released/\",\"https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/\",\"https://twitter.com/demonslay335/status/1049313390097813504\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/\",\"https://twitter.com/JakubKroustek/status/1038680437508501504\",\"https://twitter.com/demonslay335/status/1059521042383814657\",\"https://twitter.com/demonslay335/status/1059940414147489792\",\"https://twitter.com/JakubKroustek/status/1060825783197933568\",\"https://twitter.com/JakubKroustek/status/1064061275863425025\",\"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/\",\"https://www.youtube.com/watch?v=qjoYtwLx2TI\",\"https://twitter.com/GrujaRS/status/1072139616910757888\
"]},\"source\":\"Various\",\"tag_id\":\"23\",\"tag_name\":\"misp-galaxy:ransomware=\\\"Dharma Ransomware\\\"\",\"type\":\"ransomware\",\"uuid\":\"2b365b2c-4a9a-4b66-804d-3b2d2814fe7b\",\"value\":\"Dharma Ransomware\",\"version\":\"86\"}],\"description\":\"Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml\",\"icon\":\"btc\",\"id\":\"43\",\"name\":\"Ransomware\",\"namespace\":\"misp\",\"type\":\"ransomware\",\"uuid\":\"3f44af2e-1480-4b6b-9aa8-f9bb21341078\",\"version\":\"4\"}],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"2\",\"local\":false,\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"RelatedEvent\":[],\"ShadowAttribute\":[],\"Tag\":[{\"colour\":\"#0088cc\",\"exportable\":true,\"hide_tag\":false,\"id\":\"23\",\"local\":0,\"name\":\"misp-galaxy:ransomware=\\\"Dharma Ransomware\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#004646\",\"exportable\":true,\"hide_tag\":false,\"id\":\"21\",\"local\":0,\"name\":\"type:OSINT\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#ffffff\",\"exportable\":true,\"hide_tag\":false,\"id\":\"2\",\"local\":0,\"name\":\"tlp:white\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#2c4f00\",\"exportable\":true,\"hide_tag\":false,\"id\":\"24\",\"local\":0,\"name\":\"malware_classification:malware-category=\\\"Ransomware\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#00223b\",\"exportable\":true,\"hide_tag\":false,\"id\":\"3\",\"local\":0,\"name\":\"osint:source-type=\\\"blog - post\\\"\",\"numerical_value\":null,\"user_id\":\"0\"}],\"analysis\":\"2\",\"attribute_count\":\"7\",\"date\":\"2017-08-25\",\"disable_correlation\":false,\"distribution\":\"3\",\"extends_uuid\":\"\",\"id\":\"5\",\"info\":\"OSINT - New Arena Crysis Ransomware Variant 
Released\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"2\",\"proposal_email_lock\":false,\"publish_timestamp\":\"1603226331\",\"published\":true,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1503930276\",\"uuid\":\"59a3d08d-5dc8-4153-bc7c-456d950d210f\"}}", "type": "indicator" 
@@ -164,7 +162,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443561434Z", "kind": "enrichment", "original": "{\"Event\":{\"Attribute\":{\"Galaxy\":[],\"ShadowAttribute\":[],\"category\":\"External analysis\",\"comment\":\"Carbon sample - Xchecked via VT: a08b8371ead1919500a4759c2f46553620d5a9d9\",\"deleted\":false,\"disable_correlation\":false,\"distribution\":\"5\",\"event_id\":\"4\",\"first_seen\":null,\"id\":\"342\",\"last_seen\":null,\"object_id\":\"0\",\"object_relation\":null,\"sharing_group_id\":\"0\",\"timestamp\":\"1490878550\",\"to_ids\":false,\"type\":\"link\",\"uuid\":\"58dd0056-6e74-43d5-b58b-494802de0b81\",\"value\":\"https://www.virustotal.com/file/7fa4482bfbca550ce296d8e791b1091d60d733ea8042167fd0eb853530584452/analysis/1486030116/\"},\"EventReport\":[],\"Galaxy\":[{\"GalaxyCluster\":[{\"authors\":[\"Alexandre Dulaunoy\",\"Florian Roth\",\"Timo Steffens\",\"Christophe Vandeplas\",\"Dennis Rand\",\"raw-data\"],\"collection_uuid\":\"0d821b68-9d82-4c6d-86a6-1071a9e0f79f\",\"description\":\"Family of related sophisticated backdoor software - Name comes from Microsoft detection signature – anagram of Ultra (Ultra3) was a name of the fake driver). A macOS version exists but appears incomplete and lacking features...for now!\",\"galaxy_id\":\"36\",\"id\":\"5828\",\"local\":false,\"meta\":{\"refs\":[\"https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf\",\"https://objective-see.com/blog/blog_0x25.html#Snake\"],\"synonyms\":[\"Snake\",\"Uroburos\",\"Urouros\"],\"type\":[\"Backdoor\",\"Rootkit\"]},\"source\":\"MISP Project\",\"tag_id\":\"22\",\"tag_name\":\"misp-galaxy:tool=\\\"Turla\\\"\",\"type\":\"tool\",\"uuid\":\"22332d52-c0c2-443c-9ffb-f08c0d23722c\",\"value\":\"Turla\",\"version\":\"138\"}],\"description\":\"Threat actors tools is an enumeration of tools used by adversaries. 
The list includes malware but also common software regularly used by the adversaries.\",\"icon\":\"optin-monster\",\"id\":\"36\",\"name\":\"Tool\",\"namespace\":\"misp\",\"type\":\"tool\",\"uuid\":\"9b8037f7-bc8f-4de1-a797-37266619bc0b\",\"version\":\"3\"}],\"Object\":[],\"Org\":{\"id\":\"1\",\"local\":true,\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"2\",\"local\":false,\"name\":\"CIRCL\",\"uuid\":\"55f6ea5e-2c60-40e5-964f-47a8950d210f\"},\"RelatedEvent\":[{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"4\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\"},\"analysis\":\"2\",\"date\":\"2015-01-20\",\"distribution\":\"3\",\"id\":\"369\",\"info\":\"OSINT Analysis of Project Cobra Another extensible framework used by the Uroburos’ actors from Gdata\",\"org_id\":\"1\",\"orgc_id\":\"4\",\"published\":true,\"threat_level_id\":\"1\",\"timestamp\":\"1498163317\",\"uuid\":\"54bf5a6f-ac50-4f71-9cd3-7080950d210b\"}},{\"Event\":{\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"982f7c55-684d-4eb9-8736-fb5f668b899d\"},\"Orgc\":{\"id\":\"4\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\"},\"analysis\":\"2\",\"date\":\"2014-11-20\",\"distribution\":\"3\",\"id\":\"621\",\"info\":\"Turla digging using 
TotalHash\",\"org_id\":\"1\",\"orgc_id\":\"4\",\"published\":true,\"threat_level_id\":\"2\",\"timestamp\":\"1498163604\",\"uuid\":\"546daad5-425c-4ac4-82c7-e07f950d210b\"}}],\"ShadowAttribute\":[],\"Tag\":[{\"colour\":\"#065100\",\"exportable\":true,\"hide_tag\":false,\"id\":\"22\",\"local\":0,\"name\":\"misp-galaxy:tool=\\\"Turla\\\"\",\"numerical_value\":null,\"user_id\":\"0\"},{\"colour\":\"#ffffff\",\"exportable\":true,\"hide_tag\":false,\"id\":\"2\",\"local\":0,\"name\":\"tlp:white\",\"numerical_value\":null,\"user_id\":\"0\"}],\"analysis\":\"2\",\"attribute_count\":\"100\",\"date\":\"2017-03-30\",\"disable_correlation\":false,\"distribution\":\"3\",\"extends_uuid\":\"\",\"id\":\"4\",\"info\":\"OSINT - Carbon Paper: Peering into Turla’s second stage backdoor\",\"locked\":false,\"org_id\":\"1\",\"orgc_id\":\"2\",\"proposal_email_lock\":false,\"publish_timestamp\":\"1603226330\",\"published\":true,\"sharing_group_id\":\"0\",\"threat_level_id\":\"3\",\"timestamp\":\"1493403824\",\"uuid\":\"58dcfe62-ed84-4e5e-b293-4991950d210f\"}}", "type": "indicator" 
@@ -242,7 +239,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443562256Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1077\",\"type\":\"sha256\",\"category\":\"External analysis\",\"to_ids\":true,\"uuid\":\"54324042-49fc-4628-a95e-44da950d210b\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1412579394\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"0a1103bc90725d4665b932f88e81d39eafa5823b0de3ab146e2d4548b7da79a0\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -318,7 +314,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443563032Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1084\",\"type\":\"ip-dst\",\"category\":\"Network activity\",\"to_ids\":true,\"uuid\":\"54324081-3308-4f1f-8674-4953950d210b\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1412579457\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"89.160.20.156\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -390,7 +385,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443563781Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1086\",\"type\":\"hostname\",\"category\":\"Network activity\",\"to_ids\":true,\"uuid\":\"543240dc-f068-437a-baa9-48f2950d210b\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1412579548\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"xenserver.ddns.net\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -464,7 +458,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443564520Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1089\",\"type\":\"text\",\"category\":\"External analysis\",\"to_ids\":false,\"uuid\":\"543240f9-64e8-41f2-958f-4e21950d210b\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1412579577\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"Nitro\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -536,7 +529,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443565272Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"1090\",\"type\":\"sha1\",\"category\":\"External analysis\",\"to_ids\":true,\"uuid\":\"56c625a7-f31c-460c-9ea1-c652950d210f\",\"event_id\":\"2\",\"distribution\":\"5\",\"timestamp\":\"1455826343\",\"comment\":\"Automatically added (via 7915aabb2e66ff14841e4ef0fbff7486)\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"0ea76f1586c008932d90c991dfdd5042f3aac8ea\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -612,7 +604,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443566021Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"2\",\"orgc_id\":\"2\",\"org_id\":\"1\",\"date\":\"2014-10-03\",\"threat_level_id\":\"2\",\"info\":\"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks\",\"published\":true,\"uuid\":\"54323f2c-e50c-4268-896c-4867950d210b\",\"attribute_count\":\"29\",\"analysis\":\"2\",\"timestamp\":\"1412579577\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610622316\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"2\",\"name\":\"CthulhuSPRL.be\",\"uuid\":\"55f6ea5f-fd34-43b8-ac1d-40cb950d210f\",\"local\":false},\"Attribute\":{\"id\":\"12394\",\"type\":\"domain\",\"category\":\"Network activity\",\"to_ids\":false,\"uuid\":\"572b4ab3-1af0-4d91-9cd5-07a1c0a8ab16\",\"event_id\":\"22\",\"distribution\":\"5\",\"timestamp\":\"1462454963\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"whatsapp.com\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"1\",\"name\":\"type:OSINT\",\"colour\":\"#004646\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"2\",\"name\":\"tlp:green\",\"colour\":\"#339900\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -686,7 +677,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443566767Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"158\",\"orgc_id\":\"5\",\"org_id\":\"1\",\"date\":\"2018-01-08\",\"threat_level_id\":\"1\",\"info\":\"Turla: Mosquito Whitepaper\",\"published\":true,\"uuid\":\"5a5395d1-40a0-45fc-b692-334a0a016219\",\"attribute_count\":\"61\",\"analysis\":\"0\",\"timestamp\":\"1535462417\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637953\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\",\"local\":false},\"Attribute\":{\"id\":\"17299\",\"type\":\"url\",\"category\":\"Network activity\",\"to_ids\":false,\"uuid\":\"5a53976c-e7c8-480d-a68a-2fc50a016219\",\"event_id\":\"158\",\"distribution\":\"5\",\"timestamp\":\"1515427692\",\"comment\":\"Fake adobe URL\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"http://get.adobe.com/stats/AbfFcBebD/?q=\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[{\"Event\":{\"id\":\"58\",\"date\":\"2018-08-17\",\"threat_level_id\":\"1\",\"info\":\"Turla Outlook White Paper\",\"published\":true,\"uuid\":\"5b773e07-e694-458b-b99c-27f30a016219\",\"analysis\":\"0\",\"timestamp\":\"1535462383\",\"distribution\":\"3\",\"org_id\":\"1\",\"orgc_id\":\"5\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\"},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\"}}}],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"7\",\"name\":\"misp-galaxy:threat-actor=\\\"Turla 
Group\\\"\",\"colour\":\"#0088cc\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":true,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"70\",\"name\":\"Turla\",\"colour\":\"#f20f53\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -766,7 +756,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443567507Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"158\",\"orgc_id\":\"5\",\"org_id\":\"1\",\"date\":\"2018-01-08\",\"threat_level_id\":\"1\",\"info\":\"Turla: Mosquito Whitepaper\",\"published\":true,\"uuid\":\"5a5395d1-40a0-45fc-b692-334a0a016219\",\"attribute_count\":\"61\",\"analysis\":\"0\",\"timestamp\":\"1535462417\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637953\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\",\"local\":false},\"Attribute\":{\"id\":\"17330\",\"type\":\"uri\",\"category\":\"Network activity\",\"to_ids\":false,\"uuid\":\"5a539ce1-3de0-4e34-8fc4-2fc50a016219\",\"event_id\":\"158\",\"distribution\":\"5\",\"timestamp\":\"1515429089\",\"comment\":\"Win32 backdoor C\u0026C URI\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"/scripts/m/query.php?id=\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[{\"Event\":{\"id\":\"58\",\"date\":\"2018-08-17\",\"threat_level_id\":\"1\",\"info\":\"Turla Outlook White Paper\",\"published\":true,\"uuid\":\"5b773e07-e694-458b-b99c-27f30a016219\",\"analysis\":\"0\",\"timestamp\":\"1535462383\",\"distribution\":\"3\",\"org_id\":\"1\",\"orgc_id\":\"5\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\"},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\"}}}],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"7\",\"name\":\"misp-galaxy:threat-actor=\\\"Turla 
Group\\\"\",\"colour\":\"#0088cc\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":true,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"70\",\"name\":\"Turla\",\"colour\":\"#f20f53\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -838,7 +827,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443568435Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"158\",\"orgc_id\":\"5\",\"org_id\":\"1\",\"date\":\"2018-01-08\",\"threat_level_id\":\"1\",\"info\":\"Turla: Mosquito Whitepaper\",\"published\":true,\"uuid\":\"5a5395d1-40a0-45fc-b692-334a0a016219\",\"attribute_count\":\"61\",\"analysis\":\"0\",\"timestamp\":\"1535462417\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637953\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\",\"local\":false},\"Attribute\":{\"id\":\"17322\",\"type\":\"filename|sha1\",\"category\":\"Artifacts dropped\",\"to_ids\":false,\"uuid\":\"5a539ce1-e6a0-426a-942c-2fc50a016219\",\"event_id\":\"158\",\"distribution\":\"5\",\"timestamp\":\"1515429089\",\"comment\":\"JavaScript backdoor\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"google_update_checker.js|c51d288469df9f25e2fb7ac491918b3e579282ea\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[{\"Event\":{\"id\":\"58\",\"date\":\"2018-08-17\",\"threat_level_id\":\"1\",\"info\":\"Turla Outlook White 
Paper\",\"published\":true,\"uuid\":\"5b773e07-e694-458b-b99c-27f30a016219\",\"analysis\":\"0\",\"timestamp\":\"1535462383\",\"distribution\":\"3\",\"org_id\":\"1\",\"orgc_id\":\"5\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\"},\"Orgc\":{\"id\":\"5\",\"name\":\"ESET\",\"uuid\":\"55f6ea5e-51ac-4344-bc8c-4170950d210f\"}}}],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"7\",\"name\":\"misp-galaxy:threat-actor=\\\"Turla Group\\\"\",\"colour\":\"#0088cc\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":true,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"70\",\"name\":\"Turla\",\"colour\":\"#f20f53\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -916,7 +904,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443569212Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"22\",\"orgc_id\":\"4\",\"org_id\":\"1\",\"date\":\"2015-12-08\",\"threat_level_id\":\"3\",\"info\":\"Packrat: Seven Years of a South American Threat Actor\",\"published\":true,\"uuid\":\"56ccdcaf-f7e4-40d8-bca1-51299062e56a\",\"attribute_count\":\"133\",\"analysis\":\"2\",\"timestamp\":\"1516723796\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637901\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"4\",\"name\":\"CUDESO\",\"uuid\":\"56c42374-fdb8-4544-a218-41ffc0a8ab16\",\"local\":false},\"Attribute\":{\"id\":\"12268\",\"type\":\"email-src\",\"category\":\"Payload delivery\",\"to_ids\":true,\"uuid\":\"56ccdcb6-4d6c-4e48-b955-52849062e56a\",\"event_id\":\"22\",\"distribution\":\"5\",\"timestamp\":\"1456266422\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"claudiobonadio88@gmail.com\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -989,7 +976,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443569952Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"22\",\"orgc_id\":\"4\",\"org_id\":\"1\",\"date\":\"2015-12-08\",\"threat_level_id\":\"3\",\"info\":\"Packrat: Seven Years of a South American Threat Actor\",\"published\":true,\"uuid\":\"56ccdcaf-f7e4-40d8-bca1-51299062e56a\",\"attribute_count\":\"133\",\"analysis\":\"2\",\"timestamp\":\"1516723796\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637901\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"4\",\"name\":\"CUDESO\",\"uuid\":\"56c42374-fdb8-4544-a218-41ffc0a8ab16\",\"local\":false},\"Attribute\":{\"id\":\"12298\",\"type\":\"regkey\",\"category\":\"Artifacts dropped\",\"to_ids\":true,\"uuid\":\"56ccdcd6-f4b8-4383-9624-52849062e56a\",\"event_id\":\"22\",\"distribution\":\"5\",\"timestamp\":\"1456266454\",\"comment\":\"\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Active\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
@@ -1062,7 +1048,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T02:05:24.443570697Z", "kind": "enrichment", "original": "{\"Event\":{\"id\":\"10\",\"orgc_id\":\"4\",\"org_id\":\"1\",\"date\":\"2020-12-09\",\"threat_level_id\":\"3\",\"info\":\"Recent Qakbot (Qbot) activity\",\"published\":true,\"uuid\":\"5fd0c599-ab6c-4ba1-a69a-df9ec0a8ab16\",\"attribute_count\":\"15\",\"analysis\":\"2\",\"timestamp\":\"1607868196\",\"distribution\":\"3\",\"proposal_email_lock\":false,\"locked\":false,\"publish_timestamp\":\"1610637888\",\"sharing_group_id\":\"0\",\"disable_correlation\":false,\"extends_uuid\":\"\",\"Org\":{\"id\":\"1\",\"name\":\"ORGNAME\",\"uuid\":\"5877549f-ea76-4b91-91fb-c72ad682b4a5\",\"local\":true},\"Orgc\":{\"id\":\"4\",\"name\":\"CUDESO\",\"uuid\":\"56c42374-fdb8-4544-a218-41ffc0a8ab16\",\"local\":false},\"Attribute\":{\"id\":\"10686\",\"type\":\"ip-dst|port\",\"category\":\"Network activity\",\"to_ids\":true,\"uuid\":\"5fd0c620-a844-4ace-9710-a37bc0a8ab16\",\"event_id\":\"10\",\"distribution\":\"5\",\"timestamp\":\"1607517728\",\"comment\":\"On port 2222\",\"sharing_group_id\":\"0\",\"deleted\":false,\"disable_correlation\":false,\"object_id\":\"0\",\"object_relation\":null,\"first_seen\":null,\"last_seen\":null,\"value\":\"89.160.20.156|2222\",\"Galaxy\":[],\"ShadowAttribute\":[]},\"ShadowAttribute\":[],\"RelatedEvent\":[],\"Galaxy\":[],\"Object\":[],\"EventReport\":[],\"Tag\":[{\"id\":\"3\",\"name\":\"tlp:white\",\"colour\":\"#ffffff\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":false,\"is_custom_galaxy\":false,\"local\":0},{\"id\":\"6\",\"name\":\"misp-galaxy:banker=\\\"Qakbot\\\"\",\"colour\":\"#0088cc\",\"exportable\":true,\"user_id\":\"0\",\"hide_tag\":false,\"numerical_value\":null,\"is_galaxy\":true,\"is_custom_galaxy\":false,\"local\":0}]}}", "type": "indicator" 
diff --git a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
index 5eed4995a49..ce9f44b3b44 100644
--- a/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_misp/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -4,9 +4,6 @@ processors:
 ####################
 # Event ECS fields #
 ####################
- - set:
- field: event.ingested
- value: "{{_ingest.timestamp}}"
 - set:
 field: ecs.version
 value: "8.2.0"
diff --git a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
index 359b0e773d1..0403e888429 100644
--- a/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
+++ b/packages/ti_otx/data_stream/threat/_dev/test/pipeline/test-otx-sample-ndjson.log-expected.json
@@ -6,7 +6,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285456447Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":1588938}", "type": "indicator"
@@ -28,7 +27,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285458579Z", "kind": "enrichment", "original": "{\"indicator\":\"90421f8531f963d81cf54245b72cde80\",\"description\":\"MD5 of a5725af4391d21a232dc6d4ad33d7d915bd190bdac9b1826b73f364dc5c1aa65\",\"title\":\"Win32:Hoblig-B\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":9751110}", "type": "indicator"
@@ -57,7 +55,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285459490Z", "kind": "enrichment", "original": "{\"indicator\":\"ip.anysrc.net\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"hostname\",\"id\":16782717}", "type": "indicator"
@@ -81,7 +78,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285460266Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":19901748}", "type": "indicator" @@ -103,7 +99,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285461005Z", "kind": "enrichment", "original": "{\"indicator\":\"d8c70ca70fd3555a0828fede6cc1f59e2c320ede80157039b6a2f09c336d5f7a\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":31612067}", "type": "indicator" @@ -129,7 +124,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285461749Z", "kind": "enrichment", "original": "{\"indicator\":\"f8e58af3ffefd4037fef246e93a55dc8\",\"description\":\"MD5 of df9b37477a83189cd4541674e64ce29bf7bf98338ed0d635276660e0c6419d09\",\"title\":null,\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":34413770}", "type": "indicator" @@ -157,7 +151,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285462509Z", "kind": "enrichment", "original": "{\"indicator\":\"1c62f004d0c9b91d3467b1b8106772e667e7e2075470c2ec7982b63573c90c54\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":111154034}", "type": "indicator" @@ -183,7 +176,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285463283Z", "kind": "enrichment", "original": "{\"indicator\":\"8d24a14f2600482d0231396b6350cf21773335ec2f0b8919763317fdab78baae\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":151858953}", "type": "indicator" @@ -211,7 +203,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285464109Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":311294364}", "type": "indicator" 
@@ -233,7 +224,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285464853Z", "kind": "enrichment", "original": "{\"indicator\":\"c758ec922b173820374e552c2f015ac53cc5d9f99cc92080e608652aaa63695b\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":406540408}", "type": "indicator" @@ -259,7 +249,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285465599Z", "kind": "enrichment", "original": "{\"indicator\":\"0df586aa0334dcbe047d24ce859d00e537fdb5e0ca41886dab27479b6fc61ba6\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":565556753}", "type": "indicator" @@ -285,7 +274,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285466498Z", "kind": "enrichment", "original": "{\"indicator\":\"aeb08b0651bc8a13dcf5e5f6c0d482f8\",\"description\":\"MD5 of 0df586aa0334dcbe047d24ce859d00e537fdb5e0ca41886dab27479b6fc61ba6\",\"title\":null,\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":565556755}", "type": "indicator" @@ -313,7 +301,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285467248Z", "kind": "enrichment", "original": "{\"indicator\":\"6df5e1a017dff52020c7ff6ad92fdd37494e31769e1be242f6b23d1ea2d60140\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":575672549}", "type": "indicator" @@ -339,7 +326,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285467990Z", "kind": "enrichment", "original": "{\"indicator\":\"c72fef3835f65cb380f6920b22c3488554d1af6d298562ccee92284f265c9619\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":575672550}", "type": "indicator" 
@@ -365,7 +351,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285468731Z", "kind": "enrichment", "original": "{\"indicator\":\"e711fcd0f182b214c6ec74011a395f4c853068d59eb7c57f90c4a3e1de64434a\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":995160791}", "type": "indicator" @@ -391,7 +376,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285469487Z", "kind": "enrichment", "original": "{\"indicator\":\"d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1011989699}", "type": "indicator" @@ -417,7 +401,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285470336Z", "kind": "enrichment", "original": "{\"indicator\":\"70447996722e5c04514d20b7a429d162b46546002fb0c87f512b40f16bac99bb\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1011989701}", "type": "indicator" @@ -443,7 +426,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285471093Z", "kind": "enrichment", "original": "{\"indicator\":\"29340643ca2e6677c19e1d3bf351d654\",\"description\":\"MD5 of 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1472176322}", "type": "indicator" @@ -472,7 +454,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285471833Z", "kind": "enrichment", "original": "{\"indicator\":\"86c314bc2dc37ba84f7364acd5108c2b\",\"description\":\"MD5 of 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1472457325}", "type": "indicator" 
@@ -501,7 +482,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285472575Z", "kind": "enrichment", "original": "{\"indicator\":\"cb0c1248d3899358a375888bb4e8f3fe\",\"description\":\"MD5 of 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56\",\"title\":\"Trojan:Win32/Occamy.B\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1472457326}", "type": "indicator" @@ -530,7 +510,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285473335Z", "kind": "enrichment", "original": "{\"indicator\":\"d348f536e214a47655af387408b4fca5\",\"description\":\"MD5 of 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1472457327}", "type": "indicator" @@ -559,7 +538,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285474088Z", "kind": "enrichment", "original": "{\"indicator\":\"29ff1903832827e328ad9ec05fdf268eadd6db8b613597cf65f8740c211be413\",\"description\":null,\"title\":\"vad_contains_network_strings\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1546012751}", "type": "indicator" @@ -587,7 +565,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285474833Z", "kind": "enrichment", "original": "{\"indicator\":\"b105891f90b2a8730bbadf02b5adeccbba539883bf75dec2ff7a5a97625dd222\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1546012939}", "type": "indicator" @@ -613,7 +590,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285475678Z", "kind": "enrichment", "original": "{\"indicator\":\"e4db5405ac7ab517d43722e1ca8d653ea4a32802bc8a5410d032275eedc7b7ee\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1546012967}", "type": "indicator" 
@@ -639,7 +615,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285476433Z", "kind": "enrichment", "original": "{\"indicator\":\"465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa\",\"description\":null,\"title\":\"Win.Malware.TrickbotSystemInfo-6335590-0\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1564141498}", "type": "indicator" @@ -667,7 +642,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285477175Z", "kind": "enrichment", "original": "{\"indicator\":\"5051906d6ed1b2ae9c9a9f070ef73c9be8f591d2e41d144649a0dc96e28d0400\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1564141523}", "type": "indicator" @@ -693,7 +667,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285477930Z", "kind": "enrichment", "original": "{\"indicator\":\"14b74cb9be8cad8eb5fa8842d00bb692\",\"description\":\"MD5 of 465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa\",\"title\":\"Win.Malware.TrickbotSystemInfo-6335590-0\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1564142109}", "type": "indicator" @@ -722,7 +695,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285478688Z", "kind": "enrichment", "original": "{\"indicator\":\"a5b59f7d133e354dfc73f40517aab730f322f0ef\",\"description\":\"SHA1 of 465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa\",\"title\":\"Win.Malware.TrickbotSystemInfo-6335590-0\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1564142964}", "type": "indicator" @@ -751,7 +723,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285479440Z", "kind": "enrichment", "original": "{\"indicator\":\"8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1566067095}", "type": "indicator" 
@@ -777,7 +748,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285480186Z", "kind": "enrichment", "original": "{\"indicator\":\"ff2dcea4963e060a658f4dffbb119529\",\"description\":\"MD5 of 5cb822616d2c9435c9ddd060d6abdbc286ab57cfcf6dc64768c52976029a925b\",\"title\":\"vad_contains_network_strings\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1566999970}", "type": "indicator" @@ -806,7 +776,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285480932Z", "kind": "enrichment", "original": "{\"indicator\":\"0d73f1a1c4b2f8723fffc83eb3d00f31\",\"description\":\"MD5 of 29ff1903832827e328ad9ec05fdf268eadd6db8b613597cf65f8740c211be413\",\"title\":\"vad_contains_network_strings\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":1569290125}", "type": "indicator" @@ -835,7 +804,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285481673Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":1592876453}", "type": "indicator" @@ -857,7 +825,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285482426Z", "kind": "enrichment", "original": "{\"indicator\":\"d35a30264c0698709ad554489004e0077e263d354ced0c54552a0b500f91ecc0\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1597058431}", "type": "indicator" @@ -883,7 +850,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285483161Z", "kind": "enrichment", "original": "{\"indicator\":\"5264b455f453820be629a324196131492ff03c80491e823ac06657c9387250dd\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1603343478}", "type": "indicator" 
@@ -909,7 +875,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285484Z", "kind": "enrichment", "original": "{\"indicator\":\"1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56\",\"description\":null,\"title\":\"Trojan:Win32/Occamy.B\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260302}", "type": "indicator" @@ -937,7 +902,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285484738Z", "kind": "enrichment", "original": "{\"indicator\":\"3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260304}", "type": "indicator" @@ -965,7 +929,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285485477Z", "kind": "enrichment", "original": "{\"indicator\":\"b8e463789a076b16a90d1aae73cea9d3880ac0ead1fd16587b8cd79e37a1a3d8\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260305}", "type": "indicator" @@ -991,7 +954,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285486235Z", "kind": "enrichment", "original": "{\"indicator\":\"113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260310}", "type": "indicator" @@ -1019,7 +981,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285486974Z", "kind": "enrichment", "original": "{\"indicator\":\"9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260311}", "type": "indicator" 
@@ -1047,7 +1008,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285487720Z", "kind": "enrichment", "original": "{\"indicator\":\"c51024bb119211c335f95e731cfa9a744fcdb645a57d35fb379d01b7dbdd098e\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":1606260316}", "type": "indicator" @@ -1073,7 +1033,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285488483Z", "kind": "enrichment", "original": "{\"indicator\":\"ad20c6fac565f901c82a21b70f9739037eb54818\",\"description\":\"SHA1 of 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1606260341}", "type": "indicator" @@ -1102,7 +1061,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285489222Z", "kind": "enrichment", "original": "{\"indicator\":\"13f11e273f9a4a56557f03821c3bfd591cca6ebc\",\"description\":\"SHA1 of 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1606260344}", "type": "indicator" @@ -1131,7 +1089,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285489970Z", "kind": "enrichment", "original": "{\"indicator\":\"1581fe76e3c96dc33182daafd09c8cf5c17004e0\",\"description\":\"SHA1 of 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec\",\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1606260353}", "type": "indicator" @@ -1160,7 +1117,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285490717Z", "kind": "enrichment", "original": "{\"indicator\":\"b72e75e9e901a44b655a5cf89cf0eadcaff46037\",\"description\":\"SHA1 of 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56\",\"title\":\"Trojan:Win32/Occamy.B\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":1606260364}", "type": "indicator" 
@@ -1189,7 +1145,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285491459Z", "kind": "enrichment", "original": "{\"indicator\":\"maper.info\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":1634015726}", "type": "indicator" @@ -1213,7 +1168,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285492208Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":1635374317}", "type": "indicator" @@ -1235,7 +1189,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285492950Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":1756014820}", "type": "indicator" @@ -1257,7 +1210,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285493687Z", "kind": "enrichment", "original": "{\"indicator\":\"9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543412}", "type": "indicator" @@ -1285,7 +1237,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285494427Z", "kind": "enrichment", "original": "{\"indicator\":\"be9fb556a3c7aef0329e768d7f903e7dd42a821abc663e11fb637ce33b007087\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543416}", "type": "indicator" @@ -1313,7 +1264,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285495171Z", "kind": "enrichment", "original": "{\"indicator\":\"3bfec096c4837d1e6485fe0ae0ea6f1c0b44edc611d4f2204cc9cf73c985cbc2\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543440}", "type": "indicator" 
@@ -1341,7 +1291,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285496018Z", "kind": "enrichment", "original": "{\"indicator\":\"dff2e39b2e008ea89a3d6b36dcd9b8c927fb501d60c1ad5a52ed1ffe225da2e2\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543441}", "type": "indicator" @@ -1369,7 +1318,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285496760Z", "kind": "enrichment", "original": "{\"indicator\":\"6b4d271a48d118843aee3dee4481fa2930732ed7075db3241a8991418f00d92b\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543445}", "type": "indicator" @@ -1397,7 +1345,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285497500Z", "kind": "enrichment", "original": "{\"indicator\":\"26de4265303491bed1424d85b263481ac153c2b3513f9ee48ffb42c12312ac43\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543456}", "type": "indicator" @@ -1425,7 +1372,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285498234Z", "kind": "enrichment", "original": "{\"indicator\":\"02f54da6c6f2f87ff7b713d46e058dedac1cedabd693643bb7f6dfe994b2105d\",\"description\":null,\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2114543458}", "type": "indicator" @@ -1453,7 +1399,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285498974Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2114754074}", "type": "indicator" 
@@ -1475,7 +1420,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285499740Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2114754077}", "type": "indicator" @@ -1497,7 +1441,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285500488Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2114754078}", "type": "indicator" @@ -1519,7 +1462,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285501229Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2114754080}", "type": "indicator" @@ -1541,7 +1483,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285501975Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2117062744}", "type": "indicator" @@ -1563,7 +1504,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285502716Z", "kind": "enrichment", "original": "{\"indicator\":\"e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"FileHash-SHA256\",\"id\":2117884668}", "type": "indicator" @@ -1589,7 +1529,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285503470Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2119746545}", "type": "indicator" 
@@ -1611,7 +1550,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285504208Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2129763785}", "type": "indicator" @@ -1633,7 +1571,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285504946Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2136050161}", "type": "indicator" @@ -1655,7 +1592,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285505689Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":\"Trickbot\",\"content\":\"\",\"type\":\"IPv4\",\"id\":2136079568}", "type": "indicator" @@ -1679,7 +1615,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285506426Z", "kind": "enrichment", "original": "{\"indicator\":\"fotmailz.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2137741373}", "type": "indicator" @@ -1703,7 +1638,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285507169Z", "kind": "enrichment", "original": "{\"indicator\":\"pori89g5jqo3v8.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2137741468}", "type": "indicator" @@ -1727,7 +1661,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285507932Z", "kind": "enrichment", "original": "{\"indicator\":\"sebco.co.ke\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2178708355}", "type": "indicator" 
@@ -1751,7 +1684,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285508681Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":\"Trickbot\",\"content\":\"\",\"type\":\"IPv4\",\"id\":2180669102}", "type": "indicator" @@ -1775,7 +1707,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285509416Z", "kind": "enrichment", "original": "{\"indicator\":\"chishir.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2186034800}", "type": "indicator" @@ -1799,7 +1730,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285510151Z", "kind": "enrichment", "original": "{\"indicator\":\"kostunivo.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2186034803}", "type": "indicator" @@ -1823,7 +1753,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285510896Z", "kind": "enrichment", "original": "{\"indicator\":\"mangoclone.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2186034805}", "type": "indicator" @@ -1847,7 +1776,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285511643Z", "kind": "enrichment", "original": "{\"indicator\":\"onixcellent.com\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"domain\",\"id\":2186034807}", "type": "indicator" @@ -1871,7 +1799,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285512411Z", "kind": "enrichment", "original": "{\"indicator\":\"fc0efd612ad528795472e99cae5944b68b8e26dc\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":2186034891}", "type": "indicator" 
@@ -1899,7 +1826,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285513152Z", "kind": "enrichment", "original": "{\"indicator\":\"24d4bbc982a6a561f0426a683b9617de1a96a74a\",\"description\":null,\"title\":\"Sf:ShellCode-DZ\\\\ [Trj]\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":2186034903}", "type": "indicator" @@ -1927,7 +1853,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285513991Z", "kind": "enrichment", "original": "{\"indicator\":\"fa98074dc18ad7e2d357b5d168c00a91256d87d1\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":2186034912}", "type": "indicator" @@ -1955,7 +1880,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285514734Z", "kind": "enrichment", "original": "{\"indicator\":\"e5dc7c8bfa285b61dda1618f0ade9c256be75d1a\",\"description\":null,\"title\":\"Win64:Malware-gen\",\"content\":\"\",\"type\":\"FileHash-SHA1\",\"id\":2186034924}", "type": "indicator" @@ -1983,7 +1907,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285515471Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":\"Trickbot\",\"content\":\"\",\"type\":\"IPv4\",\"id\":2189036445}", "type": "indicator" @@ -2007,7 +1930,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285516207Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2189036446}", "type": "indicator" @@ -2029,7 +1951,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285516954Z", "kind": "enrichment", "original": "{\"indicator\":\"89.160.20.156\",\"description\":null,\"title\":null,\"content\":\"\",\"type\":\"IPv4\",\"id\":2190596263}", "type": "indicator" 
@@ -2051,7 +1972,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285517697Z", "kind": "enrichment", "original": "{\"indicator\":\"10ec3571596c30b9993b89f12d29d23c\",\"description\":\"MD5 of 9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6\",\"title\":\"xor_0x20_xord_javascript\",\"content\":\"\",\"type\":\"FileHash-MD5\",\"id\":2192837907}", "type": "indicator" @@ -2080,7 +2000,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285518437Z", "kind": "enrichment", "original": "{\"id\":73,\"indicator\":\"http://www.playboysplus.com\",\"type\":\"URL\",\"title\":null,\"description\":null,\"content\":\"\"}", "type": "indicator" @@ -2108,7 +2027,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285519174Z", "kind": "enrichment", "original": "{\"id\":74,\"indicator\":\"http://join.playboysplus.com/signup/\",\"type\":\"URL\",\"title\":null,\"description\":null,\"content\":\"\"}", "type": "indicator" @@ -2136,7 +2054,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-25T01:59:38.285519907Z", "kind": "enrichment", "original": "{\"id\":970,\"indicator\":\"http://api.vk.com/method/wall.get?count=1\u0026owner_id=-81972386\",\"type\":\"URL\",\"title\":null,\"description\":null,\"content\":\"\"}", "type": "indicator" diff --git a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index 7feea82c196..8ce807b2392 100644 --- a/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_otx/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -4,9 +4,6 @@ processors: #################### # Event ECS fields # #################### - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version value: "8.2.0" 
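Review bot: With the `set` processor for `event.ingested` gone from the top of `processors:`, nothing visible in this pipeline populates that field, and the expected-output fixtures in the same patch drop it too, so the pipeline tests can no longer notice if it is missing on real documents. Presumably it is now supplied by a pipeline that runs after this one, such as Fleet's final pipeline; that should be confirmed against the package's `kibana.version` condition, which this hunk does not show. For a threat-intel data stream the field matters, because detection rules that use `event.ingested` as a timestamp override, and any indicator-expiry logic keyed on ingest time, can miss documents that lack it. I would leave a one-line comment where the processor was, `# event.ingested is set by the Fleet final pipeline, not in this pipeline`. The same applies to the identical hunk in `packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml`; in both files the `processors:` list continues outside the hunk.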
diff --git a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json index 095824d0ea9..70f32e2a402 100644 --- a/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json +++ b/packages/ti_threatq/data_stream/threat/_dev/test/pipeline/test-threatq-sample-ndjson.log-expected.json 
@@ -7,7 +7,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536163684Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1877,\"indicator_id\":336,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1878,\"indicator_id\":336,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"MP\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1879,\"indicator_id\":336,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Saipan\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1880,\"indicator_id\":336,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1881,\"indicator_id\":336,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1882,\"indicator_id\":336,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"1ece659dcec98b1e1141160b55655c96\",\"id\":336,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":336,\"indicator_id\":336,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -57,7 +56,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536170206Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1883,\"indicator_id\":337,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1884,\"indicator_id\":337,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1885,\"indicator_id\":337,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1886,\"indicator_id\":337,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1887,\"indicator_id\":337,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1888,\"indicator_id\":337,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Sacramento\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"73c98d43519990c841a5d022546fedd4\",\"id\":337,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":337,\"indicator_id\":337,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -107,7 +105,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536171404Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1889,\"indicator_id\":338,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1890,\"indicator_id\":338,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1891,\"indicator_id\":338,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1892,\"indicator_id\":338,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1893,\"indicator_id\":338,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"New York\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1894,\"indicator_id\":338,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"a9c6773919112627495d87c51fe89b15\",\"id\":338,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":338,\"indicator_id\":338,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -157,7 +154,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536172400Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:43\",\"id\":184,\"indicator_id\":34,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:35:49\",\"updated_at\":\"2020-10-15 14:35:49\",\"value\":\"4\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:43\",\"id\":185,\"indicator_id\":34,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:35:49\",\"updated_at\":\"2020-10-15 14:35:49\",\"value\":\"3\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:43\",\"id\":186,\"indicator_id\":34,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:35:49\",\"updated_at\":\"2020-10-15 14:35:49\",\"value\":\"Malicious Host\"},{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:43\",\"id\":187,\"indicator_id\":34,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:35:49\",\"updated_at\":\"2020-10-15 14:35:49\",\"value\":\"2\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:41\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:02\",\"hash\":\"56f3cb07a9055f52947bb4c4244f762d\",\"id\":34,\"published_at\":\"2020-09-11 14:35:41\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:43\",\"creator_source_id\":12,\"id\":34,\"indicator_id\":34,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 14:35:43\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:35:49\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 
00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -201,7 +197,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536173394Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1901,\"indicator_id\":340,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1902,\"indicator_id\":340,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1903,\"indicator_id\":340,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1904,\"indicator_id\":340,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1905,\"indicator_id\":340,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1906,\"indicator_id\":340,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Sacramento\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"97624a37200db6ba0bcfce8c9c28f527\",\"id\":340,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":340,\"indicator_id\":340,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -251,7 +246,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536174379Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1907,\"indicator_id\":341,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1908,\"indicator_id\":341,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1909,\"indicator_id\":341,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1910,\"indicator_id\":341,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Houston\"},{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1911,\"indicator_id\":341,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1912,\"indicator_id\":341,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"56a1917632c03f230c5645f432e71495\",\"id\":341,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":341,\"indicator_id\":341,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\",\"provider\":\"testprovider\",\"tlp_name\":\"testtlp\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -309,7 +303,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536175348Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1913,\"indicator_id\":342,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1914,\"indicator_id\":342,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Fort Lauderdale\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1915,\"indicator_id\":342,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1916,\"indicator_id\":342,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1917,\"indicator_id\":342,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1918,\"indicator_id\":342,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"6de45834c2a81597b59a91ead4fbdf59\",\"id\":342,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":342,\"indicator_id\":342,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -359,7 +352,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536176330Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1919,\"indicator_id\":343,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1920,\"indicator_id\":343,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Pompano Beach\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1921,\"indicator_id\":343,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1922,\"indicator_id\":343,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1923,\"indicator_id\":343,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1924,\"indicator_id\":343,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"994a4586b27e46db67a59220ab6dd73f\",\"id\":343,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":343,\"indicator_id\":343,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -409,7 +401,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536177311Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1937,\"indicator_id\":346,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1938,\"indicator_id\":346,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1939,\"indicator_id\":346,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1940,\"indicator_id\":346,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1941,\"indicator_id\":346,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Little Elm\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1942,\"indicator_id\":346,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"40e81e10007099902cf40cfe3a8227dc\",\"id\":346,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":346,\"indicator_id\":346,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" 
@@ -459,7 +450,6 @@ }, "event": { "category": "threat", - "ingested": "2022-01-24T02:08:53.536178276Z", "kind": "enrichment", "original": "{\"adversaries\":[],\"attributes\":[{\"attribute_id\":7,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1943,\"indicator_id\":347,\"name\":\"AlienVault Threat Level\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"2\"},{\"attribute_id\":4,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1944,\"indicator_id\":347,\"name\":\"Country\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"US\"},{\"attribute_id\":3,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1945,\"indicator_id\":347,\"name\":\"Description\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Malicious Host\"},{\"attribute_id\":6,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1946,\"indicator_id\":347,\"name\":\"AlienVault Revision\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"3\"},{\"attribute_id\":5,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1947,\"indicator_id\":347,\"name\":\"City\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"Dallas\"},{\"attribute_id\":8,\"created_at\":\"2020-09-11 14:35:53\",\"id\":1948,\"indicator_id\":347,\"name\":\"AlienVault Reliability\",\"touched_at\":\"2020-10-15 14:36:00\",\"updated_at\":\"2020-10-15 14:36:00\",\"value\":\"4\"}],\"class\":\"network\",\"created_at\":\"2020-09-11 14:35:51\",\"expired_at\":\"2020-11-15 00:00:02\",\"expires_calculated_at\":\"2020-10-15 14:40:03\",\"hash\":\"418a88a2a1bac6980a7d83e6b2b2a27d\",\"id\":347,\"published_at\":\"2020-09-11 14:35:51\",\"score\":4,\"sources\":[{\"created_at\":\"2020-09-11 14:35:53\",\"creator_source_id\":12,\"id\":347,\"indicator_id\":347,\"indicator_status_id\":2,\"indicator_type_id\":15,\"name\":\"AlienVault OTX\",\"published_at\":\"2020-09-11 
14:35:53\",\"reference_id\":1,\"source_expire_days\":\"30\",\"source_id\":12,\"source_score\":1,\"source_type\":\"connectors\",\"updated_at\":\"2020-10-15 14:36:00\"}],\"status\":{\"description\":\"No longer poses a serious threat.\",\"id\":2,\"name\":\"Expired\"},\"status_id\":2,\"touched_at\":\"2021-06-07 19:47:27\",\"type\":{\"class\":\"network\",\"id\":15,\"name\":\"IP Address\"},\"type_id\":15,\"updated_at\":\"2020-11-15 00:00:02\",\"value\":\"89.160.20.156\"}", "type": "indicator" diff --git a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index a27bedc1b8b..7b3718fcaac 100644 --- a/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_threatq/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -4,9 +4,6 @@ processors: #################### # Event ECS fields # #################### - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version value: "8.2.0" diff --git a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index e3f85d61b15..2c749271703 100644 --- a/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/tomcat/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json 
@@ -4,9 +4,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078826810Z" - }, "message": "%APACHETOMCAT-1516-asdf: 10.251.224.219||eacommod||rci||[29/Jan/2016:6:09:59 OMST]||exercita||https://example.com/illumqui/ventore.html?min=ite#utl||vol||amremap||oremi||ntsunti||5293||https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aliqu", "tags": [ "preserve_original_event" @@ -16,9 +13,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078830153Z" - }, "message": "%APACHETOMCAT-259-CFYZ: 10.196.153.12||sequa||abo||[12/Feb/2016:1:12:33 PST]||umqui||https://www5.example.net/mdolo/mqui.htm?sumdo=litesse#orev||pisciv||uii||umexe||estlabo||5222||https://mail.example.com/uat/eporr.jpg?byCicer=luptat#agn||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||nulapari", "tags": [ "preserve_original_event" @@ -28,9 +22,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078831224Z" - }, "message": "February 26 20:15:08 ctetur5806.api.home %APACHETOMCAT- COOK: 10.156.194.38||gnaali||enatus||[26/Feb/2016:8:15:08 PT]||incid||https://internal.example.com/tetur/idolor.html?ntex=eius#luptat||emape||aer||lupt||tia||7019||https://www.example.com/quis/orisn.txt?anti=ofdeF#metcons||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||nul", "tags": [ "preserve_original_event" 
@@ -40,9 +31,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078832137Z" - }, "message": "%APACHETOMCAT-1060-INDEX: 10.196.118.192||tinculp||tur||[12/Mar/2016:3:17:42 CT]||equat||https://www5.example.org/nci/ofdeFin.gif?amco=exe#iatu||ionofde||con||uia||quiavo||1156||https://mail.example.com/consec/taliquip.html?radip=tNequ#gelit||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||tconsec", "tags": [ "preserve_original_event" @@ -52,9 +40,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078833057Z" - }, "message": "%APACHETOMCAT-4141-BADMTHD: 10.246.209.145||oluptas||llu||[26/Mar/2016:10:20:16 GMT+02:00]||ommod||https://internal.example.com/aqui/radipis.jpg?llumd=enatuse#magn||equuntu||eos||enimad||rmagni||1998||https://internal.example.net/onev/tenima.jpg?seq=olorema#ccaecat||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||fug", "tags": [ "preserve_original_event" @@ -64,9 +49,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078833945Z" - }, "message": "%APACHETOMCAT-2964-BADMETHOD: 10.114.191.225||uian||tempo||[09/Apr/2016:5:22:51 PST]||exercit||https://internal.example.com/omnis/antium.txt?lupta=iusmodt#doloreeu||pori||occ||ect||reetdolo||2770||https://www5.example.org/uiano/mrema.htm?anim=autfugi#inBCSedu||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||tanimi", "tags": [ "preserve_original_event" 
@@ -76,9 +58,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078834809Z" - }, "message": "April 24 00:25:25 erep2696.www.home %APACHETOMCAT- INDEX: 10.38.77.13||aquaeab||liqu||[24/Apr/2016:12:25:25 PT]||ehend||https://www5.example.net/uidolore/niamqu.gif?iat=tevelit#nsequat||loremagn||ipis||gelits||tatevel||3856||https://api.example.com/uovol/dmi.txt?quunt=ptat#ore||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||tsed", "tags": [ "preserve_original_event" @@ -88,9 +67,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078835670Z" - }, "message": "May 8 07:27:59 mUt2398.invalid %APACHETOMCAT- DEBUG: 10.11.201.109||boree||ugits||[08/May/2016:7:27:59 CEST]||iinea||https://www.example.org/idexea/riat.txt?tvol=moll#tatione||inB||deomni||tquovol||ntsuntin||3341||https://mail.example.org/imav/ididu.htm?tion=orsitame#quiratio||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||iam", "tags": [ "preserve_original_event" @@ -100,9 +76,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078836523Z" - }, "message": "%APACHETOMCAT-3097-BADMTHD: 10.182.166.181||apariat||mol||[22/May/2016:2:30:33 CT]||olupta||https://api.example.org/toccae/tatno.gif?taliqu=temUten#ccusan||iqu||ollit||usan||aper||5529||https://example.org/uaera/sitas.txt?aedic=atquovo#iumto||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||mquaera", "tags": [ "preserve_original_event" 
@@ -112,9 +85,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078837386Z" - }, "message": "%APACHETOMCAT-6283-null: 10.185.126.247||vel||quu||[05/Jun/2016:9:33:08 OMST]||avol||https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq||metcon||smo||litessec||emporinc||5075||https://internal.example.com/atcu/oremagna.jpg?remipsum=liq#ist||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||caecatc", "tags": [ "preserve_original_event" @@ -124,9 +94,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078838275Z" - }, "message": "June 20 04:35:42 siuta2896.www.localhost %APACHETOMCAT- SEARCH: 10.72.114.23||enia||nsequu||[20/Jun/2016:4:35:42 PST]||rsint||https://example.com/idestla/Nemoeni.htm?taed=lup#remeumf||antiumto||strude||ctetura||usmod||1640||https://mail.example.net/lor/fugit.jpg?rsitamet=lupt#xea||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||orain", "tags": [ "preserve_original_event" @@ -136,9 +103,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078839324Z" - }, "message": "July 4 11:38:16 oin6316.www5.host %APACHETOMCAT- TRACE: 10.129.241.147||lores||lapariat||[04/Jul/2016:11:38:16 PST]||etc||https://example.net/nimadmin/ditautfu.html?lpa=entsu#dun||onproide||luptat||itaut||imaven||152||https://internal.example.net/onproide/Nemoen.gif?pitla=ccu#urE||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||inculpaq", "tags": [ "preserve_original_event" 
@@ -148,9 +112,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078840200Z" - }, "message": "July 18 18:40:50 tionemu7691.www.local %APACHETOMCAT- BDMTHD: 10.185.101.76||errorsi||des||[18/Jul/2016:6:40:50 GMT+02:00]||stl||https://www5.example.com/ono/stru.jpg?emaperi=tame#tinvol||tectobe||colabor||iusmodt||etdolo||3768||https://internal.example.net/ommod/sequatur.txt?tlabo=suntexp#ugiatnu||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||itecto", "tags": [ "preserve_original_event" @@ -160,9 +121,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078841073Z" - }, "message": "%APACHETOMCAT-3217-GET: 10.57.170.140||nsec||onse||[02/Aug/2016:1:43:25 OMST]||inibusBo||https://example.net/tion/eataev.htm?uiineavo=tisetq#irati||ici||giatquov||eritquii||dexeac||3088||https://www.example.org/oreseos/uames.txt?msequi=isnostru#iquaUten||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||iadese", "tags": [ "preserve_original_event" @@ -172,9 +130,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078841945Z" - }, "message": "%APACHETOMCAT-1109-PUT: 10.33.153.47||hil||atquovo||[16/Aug/2016:8:45:59 GMT+02:00]||iineavo||https://internal.example.com/isno/taliq.htm?nnu=dolo#Loremip||idolor||emeumfu||CSed||lupt||6136||https://internal.example.net/quip/mporain.txt?uatD=iunt#temveleu||Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||tio", "tags": [ "preserve_original_event" 
@@ -184,9 +139,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078842847Z" - }, "message": "August 30 15:48:33 conse2991.internal.lan %APACHETOMCAT- FGET: 10.116.104.101||gnam||tat||[30/Aug/2016:3:48:33 CET]||lumqui||https://internal.example.net/mdolore/rQuisau.gif?iavolu=den#tutla||olorema||iades||siarchi||datatn||5076||https://internal.example.net/mipsumd/eFinib.jpg?remi=saute#ercit||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||remagn", "tags": [ "preserve_original_event" @@ -196,9 +148,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078843866Z" - }, "message": "%APACHETOMCAT-3361-null: 10.202.194.67||samvolu||ittenbyC||[13/Sep/2016:10:51:07 ET]||eirure||https://internal.example.com/oidentsu/atiset.jpg?ntor=lpaqui#sitame||iadese||nsectet||utla||utei||2716||https://example.com/tlabori/oin.jpg?quisnos=ite#ationul||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||eritqu", "tags": [ "preserve_original_event" @@ -208,9 +157,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078844745Z" - }, "message": "September 28 05:53:42 wri2784.api.domain %APACHETOMCAT- PUT: 10.153.111.103||itquiin||modocon||[28/Sep/2016:5:53:42 PST]||taevit||https://www5.example.com/etconse/tincu.txt?lit=asun#estia||eaq||occae||ctetura||labore||4621||https://www.example.com/adeseru/emoe.html?atur=itanimi#itame||Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30||rehender", "tags": [ "preserve_original_event" 
@@ -220,9 +166,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078845614Z" - }, "message": "%APACHETOMCAT-1637-DETECT_METHOD_TYPE: 10.52.186.29||equat||doloreme||[12/Oct/2016:12:56:16 GMT+02:00]||ione||https://www5.example.org/eriamea/amre.htm?magni=pisciv#iquidex||radipisc||tmo||fficiade||uscipit||4168||https://internal.example.net/oru/temqu.htm?etMalor=ipi#reseos||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mcolab", "tags": [ "preserve_original_event" @@ -232,9 +175,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078846482Z" - }, "message": "October 26 19:58:50 oquisqu2937.mail.domain %APACHETOMCAT- BDMTHD: 10.209.182.237||tper||olor||[26/Oct/2016:7:58:50 GMT-07:00]||osqui||https://www.example.org/iutali/fdeFi.jpg?liquide=etdol#uela||boN||eprehend||aevit||aboN||3423||https://example.net/tlabo/uames.gif?mpo=offi#giatnu||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||lor", "tags": [ "preserve_original_event" @@ -244,9 +184,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078847365Z" - }, "message": "November 10 03:01:24 dolore1287.internal.lan %APACHETOMCAT- CFYZ: 10.63.194.87||quisno||sin||[10/Nov/2016:3:01:24 CT]||aliquam||https://mail.example.net/itatione/isnis.html?oluptate=issus#osamn||isnisiu||bore||tsu||tcons||3128||https://api.example.org/lorinre/olorsita.gif?idata=rumwritt#magnid||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||dol", "tags": [ "preserve_original_event" 
@@ -256,9 +193,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078848252Z" - }, "message": "%APACHETOMCAT-4307-TRACE: 10.62.191.18||tevelite||orporiss||[24/Nov/2016:10:03:59 OMST]||tlabo||https://www.example.org/emvel/tmollita.htm?numqua=veni#eveli||eroi||dtemp||aliquide||ofde||4940||https://www5.example.org/maven/hende.jpg?labor=didunt#uptatema||Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||udan", "tags": [ "preserve_original_event" @@ -268,9 +202,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078849117Z" - }, "message": "%APACHETOMCAT-6040-CFYZ: 10.238.164.29||aturQui||utlabor||[08/Dec/2016:5:06:33 ET]||temvel||https://example.net/nisi/dant.txt?ecte=tinvolu#iurer||iciadese||quidolor||tessec||olupta||2660||https://example.org/idolor/uisau.jpg?llumdolo=nre#ercitat||Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||uiinea", "tags": [ "preserve_original_event" @@ -280,9 +211,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078850125Z" - }, "message": "%APACHETOMCAT-1612-SEARCH: 10.155.230.17||eni||ionevo||[23/Dec/2016:12:09:07 CT]||Ute||https://internal.example.com/sintocc/tlabor.txt?tDuisaut=oinBC#quameius||ipsumdol||tet||etdo||urerepr||4674||https://example.com/tetu/stru.htm?tlabore=Exc#pora||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||uteirure", "tags": [ "preserve_original_event" 
@@ -292,9 +220,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078851058Z" - }, "message": "January 6 07:11:41 ide2767.www5.local %APACHETOMCAT- RNDMMTD: 10.102.229.102||nnum||tenbyCi||[06/Jan/2017:7:11:41 PST]||tco||https://example.net/officiad/itam.html?madmi=tur#roi||niamqui||orem||sno||atno||5263||https://mail.example.net/ntocca/ostru.txt?quiavol=rrorsi#temquiav||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||sec", "tags": [ "preserve_original_event" @@ -304,9 +229,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078856698Z" - }, "message": "January 20 14:14:16 sBon1759.invalid %APACHETOMCAT- HEAD: 10.194.14.7||ten||vita||[20/Jan/2017:2:14:16 OMST]||ullamcor||https://mail.example.org/tor/qui.txt?eavolup=fugiatn#docon||etconsec||ios||evolu||ersp||3536||https://www5.example.org/sauteiru/mod.gif?tes=mquame#nihilmol||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||orain", "tags": [ "preserve_original_event" @@ -316,9 +238,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078857704Z" - }, "message": "%APACHETOMCAT-6113-get: 10.99.0.226||madmi||uidol||[03/Feb/2017:9:16:50 ET]||quameius||https://api.example.net/roid/inibusB.jpg?Nemoenim=squirati#Sedutp||utp||ema||rsitv||iciade||5649||https://example.com/lup/tatemUt.html?upida=tvolupt#eufugi||Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36||uredol", "tags": [ "preserve_original_event" 
@@ -328,9 +247,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078858573Z" - }, "message": "%APACHETOMCAT-6945-DETECT_METHOD_TYPE: 10.107.174.213||tenimad||minimav||[18/Feb/2017:4:19:24 OMST]||taedicta||https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut||uamni||ctet||ati||uine||2438||https://api.example.org/loreme/untu.htm?ven=con#nisist||Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36||ium", "tags": [ "preserve_original_event" @@ -340,9 +256,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078859446Z" - }, "message": "March 4 11:21:59 idunt4707.host %APACHETOMCAT- ABCD: 10.84.25.23||laudant||isnost||[04/Mar/2017:11:21:59 CET]||rQuisau||https://mail.example.org/iscinge/ofdeFini.jpg?molli=velitse#oditem||gitsedqu||borios||rsitvolu||quam||5315||https://www.example.org/ineavo/pexe.htm?iadolor=amcol#adeser||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||gitsed", "tags": [ "preserve_original_event" @@ -352,9 +265,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078860329Z" - }, "message": "%APACHETOMCAT-4367-uGET: 10.193.143.108||idolo||luptate||[18/Mar/2017:6:24:33 PT]||atisun||https://www.example.org/epre/tobeata.html?quia=iduntu#idestlab||rnatur||ofdeFin||essequam||acommo||3105||https://api.example.com/cusant/atemq.gif?itecto=reetdol#totamre||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||ercita", "tags": [ "preserve_original_event" 
@@ -364,9 +274,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078861270Z" - }, "message": "April 2 01:27:07 emquia1497.www5.lan %APACHETOMCAT- INDEX: 10.190.51.22||uamei||siut||[02/Apr/2017:1:27:07 CT]||uisa||https://example.com/mexe/its.htm?ice=oles#edic||seq||tutlab||sau||atevelit||2450||https://example.org/aperia/ccaeca.gif?ttenby=boris#stenatu||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||orumSe", "tags": [ "preserve_original_event" @@ -376,9 +283,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078862131Z" - }, "message": "April 16 08:29:41 riat3854.www5.home %APACHETOMCAT- BADMETHOD: 10.194.90.130||siut||tconsect||[16/Apr/2017:8:29:41 PT]||piscinge||https://www.example.com/velitess/naali.htm?nre=veli#volupta||rnatu||elitse||ima||quasia||2382||https://www5.example.com/quamqua/eacommod.html?iumdol=tpersp#stla||mobmail android 2.1.3.3150||sequamni", "tags": [ "preserve_original_event" @@ -388,9 +292,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078863022Z" - }, "message": "%APACHETOMCAT-6198-BDMTHD: 10.10.213.83||nea||psum||[30/Apr/2017:3:32:16 OMST]||ncididun||https://www.example.org/xeacomm/cinge.txt?apariat=vitaedi#lorsita||dolore||uptate||quidexea||ect||23||https://internal.example.com/ate/odoconse.jpg?quatu=veli#tenim||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||labo", "tags": [ "preserve_original_event" 
@@ -400,9 +301,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078863889Z" - }, "message": "May 14 22:34:50 aboreetd5461.host %APACHETOMCAT- uGET: 10.52.125.9||hit||urv||[14/May/2017:10:34:50 ET]||nimid||https://api.example.org/texpli/exeacom.jpg?rita=esseci#tametcon||liqua||mvele||isis||uasiar||2552||https://mail.example.net/loremqu/dantium.htm?teirured=onemulla#dolorem||Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]||rauto", "tags": [ "preserve_original_event" @@ -412,9 +310,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078864914Z" - }, "message": "%APACHETOMCAT-5770-RNDMMTD: 10.19.17.202||nby||mve||[29/May/2017:5:37:24 PT]||isau||https://api.example.net/ibusBon/ven.gif?nsequat=doloreme#dun||reprehe||tincu||suntin||itse||814||https://www5.example.org/intocc/amcorp.html?ssecillu=liqua#olo||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aec", "tags": [ "preserve_original_event" @@ -424,9 +319,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078865841Z" - }, "message": "June 12 12:39:58 iquidexe304.mail.test %APACHETOMCAT- RNDMMTD: 10.195.64.5||oreetd||uat||[12/Jun/2017:12:39:58 PT]||moenimi||https://mail.example.org/oconsequ/edquiac.gif?preh=ercit#etMal||qua||rsita||ate||ipsamvo||344||https://api.example.com/tdol/upt.htm?asper=idunt#luptat||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||ica", "tags": [ "preserve_original_event" 
@@ -436,9 +328,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078866761Z" - }, "message": "June 26 19:42:33 remips4828.www5.host %APACHETOMCAT- POST: 10.209.77.194||tvolup||itesseq||[26/Jun/2017:7:42:33 OMST]||snost||https://internal.example.com/llamc/nte.htm?utali=porinc#tetur||xce||dat||aincidu||nimadmin||4843||https://mail.example.com/eumfugi/etdolor.htm?dic=cola#amcor||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||elites", "tags": [ "preserve_original_event" @@ -448,9 +337,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078867688Z" - }, "message": "%APACHETOMCAT-1952-MKCOL: 10.168.6.90||rem||amvolupt||[11/Jul/2017:2:45:07 GMT+02:00]||atisund||https://example.net/ites/isetq.gif?nisiut=tur#avolupt||ariatur||rer||iconseq||porincid||6941||https://mail.example.org/nofd/dipisci.txt?ilmol=eri#quunt||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||tae", "tags": [ "preserve_original_event" @@ -460,9 +346,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078868610Z" - }, "message": "%APACHETOMCAT-7717-rndmmtd: 10.89.137.238||plica||ore||[25/Jul/2017:9:47:41 OMST]||emqu||https://mail.example.com/acommod/itsedd.html?admin=stenatu#inibu||est||uptatemU||leumiu||tla||4765||https://api.example.org/isa/niamqui.jpg?dqu=pid#rExc||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||erun", "tags": [ "preserve_original_event" 
@@ -472,9 +355,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078869531Z" - }, "message": "%APACHETOMCAT-4574-OPTIONS: 10.246.61.213||ntutlabo||iusmodte||[08/Aug/2017:4:50:15 CT]||loi||https://example.org/Nequepor/eirure.htm?idid=tesse#sequat||giatquov||tconsec||miurerep||toccaec||7645||https://www5.example.net/psaqua/ullamcor.txt?qui=cupi#tame||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||orroq", "tags": [ "preserve_original_event" @@ -484,9 +364,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078870449Z" - }, "message": "August 22 23:52:50 orin5238.host %APACHETOMCAT- MKCOL: 10.117.44.138||orem||rcit||[22/Aug/2017:11:52:50 PST]||enderit||https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo||oluptas||emvele||isnost||olorem||2760||https://www5.example.net/quunt/acommod.jpg?sit=rumSect#ita||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||aliq", "tags": [ "preserve_original_event" @@ -496,9 +373,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078871371Z" - }, "message": "%APACHETOMCAT-4801-PRONECT: 10.69.30.196||tore||elits||[06/Sep/2017:6:55:24 OMST]||ruredo||https://example.net/temUt/ptassita.gif?uamnihi=risnis#uov||itlab||urmag||omm||equ||4808||https://www.example.net/siuta/urmagn.html?uptat=idex#ptateve||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||nimveni", "tags": [ "preserve_original_event" 
@@ -508,9 +382,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078872313Z" - }, "message": "%APACHETOMCAT-7668-BADMTHD: 10.135.91.88||ercit||eporroq||[20/Sep/2017:1:57:58 CT]||ugiatn||https://api.example.com/dictasun/abore.txt?modocon=ipsu#ntNeq||tate||urExce||asi||ectiono||2241||https://example.org/onu/liquaUte.txt?velillu=ria#atDu||Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||emq", "tags": [ "preserve_original_event" @@ -520,9 +391,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078873253Z" - }, "message": "October 4 21:00:32 agnaaliq1829.mail.test %APACHETOMCAT- ABCD: 10.81.45.174||tin||fugitse||[04/Oct/2017:9:00:32 CEST]||liquide||https://example.net/Sedutpe/prehen.html?rcit=aecatcup#olabor||estl||erun||iruredol||incidid||7699||https://api.example.org/edquian/loremeu.gif?volupta=dmi#untexpl||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mipsamvo", "tags": [ "preserve_original_event" @@ -532,9 +400,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078874196Z" - }, "message": "%APACHETOMCAT-3517-rndmmtd: 10.87.179.233||mnisiut||avolu||[19/Oct/2017:4:03:07 PST]||eum||https://www.example.org/umetMal/asper.htm?metcons=itasper#uae||mve||uia||iciad||lorem||6137||https://www.example.org/redol/gnaa.htm?aliquamq=dtempori#toditaut||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||dexerc", "tags": [ "preserve_original_event" 
@@ -544,9 +409,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078875122Z" - }, "message": "%APACHETOMCAT-2669-COOK: 10.198.57.130||hitec||henderit||[02/Nov/2017:11:05:41 OMST]||perspici||https://api.example.net/mquisn/queips.gif?emUte=molestia#quir||eavolup||emip||ver||erc||294||https://example.com/iuntNequ/esseq.txt?remq=veniamq#occ||Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90||emo", "tags": [ "preserve_original_event" @@ -556,9 +418,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078876050Z" - }, "message": "%APACHETOMCAT-494-GET: 10.218.0.197||dolor||econs||[16/Nov/2017:6:08:15 ET]||eritin||https://www.example.net/yCic/nder.jpg?itanim=nesciun#saqu||iscive||quasiar||aeab||teur||609||https://www.example.org/mol/tur.jpg?usmodi=ree#saquaea||Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||eetd", "tags": [ "preserve_original_event" @@ -568,9 +427,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078876985Z" - }, "message": "December 1 01:10:49 iatqu7310.api.home %APACHETOMCAT- get: 10.123.199.198||irured||illumqui||[01/Dec/2017:1:10:49 PST]||tionula||https://mail.example.com/ecatcupi/uamei.html?nreprehe=onse#olorem||turvel||eratv||ipsa||asuntexp||1390||https://example.com/oremquel/lmole.jpg?boNem=iumt#tsed||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||mpo", "tags": [ "preserve_original_event" 
@@ -580,9 +436,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078877913Z" - }, "message": "December 15 08:13:24 uamnihil6127.api.domain %APACHETOMCAT- POST: 10.29.119.245||tatnon||leumiur||[15/Dec/2017:8:13:24 ET]||ore||https://internal.example.net/ection/roquisqu.html?ceroinB=nim#utaliqu||rsi||taliqui||mides||ciun||39||https://example.org/iatqu/inBCSedu.gif?urExcep=ema#suntex||Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36||anim", "tags": [ "preserve_original_event" @@ -592,9 +445,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078878843Z" - }, "message": "December 29 15:15:58 uov1629.internal.invalid %APACHETOMCAT- DETECT_METHOD_TYPE: 10.130.175.17||quide||quaU||[29/Dec/2017:3:15:58 PT]||inimav||https://mail.example.net/iutali/itat.txt?Finibus=radi#xeacom||des||atnulapa||billo||rroqu||2170||https://www.example.org/taedi/tquido.html?etconsec=elillum#upt||Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||onsectet", "tags": [ "preserve_original_event" @@ -604,9 +454,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078879877Z" - }, "message": "%APACHETOMCAT-5752-PROPFIND: 10.166.90.130||mdolore||eosquira||[12/Jan/2018:10:18:32 CET]||lloinven||https://mail.example.net/lmolesti/apariatu.htm?moe=msequ#uat||lupta||npr||etconsec||caboNem||1043||https://internal.example.org/litesseq/atcupida.html?tob=dolores#equamnih||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||deF", "tags": [ "preserve_original_event" 
@@ -616,9 +463,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078880821Z" - }, "message": "January 27 05:21:06 orumw5960.www5.home %APACHETOMCAT- GET: 10.248.111.207||dolor||tiumto||[27/Jan/2018:5:21:06 GMT-07:00]||quiavol||https://api.example.org/ratv/alorum.jpg?tali=BCS#qui||ugiatquo||incidid||quin||autemv||6174||https://internal.example.org/mipsumqu/tatio.jpg?admi=onnu#olorema||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||atatnon", "tags": [ "preserve_original_event" @@ -628,9 +472,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078881751Z" - }, "message": "%APACHETOMCAT-2940-asdf: 10.185.37.32||ame||tesseq||[10/Feb/2018:12:23:41 GMT+02:00]||tem||https://internal.example.net/gitse/ugitse.jpg?tvolup=tdolore#ventore||red||sinto||tatev||luptas||3286||https://api.example.net/aev/inrepr.gif?iadese=nisiu#imad||Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91||ptatem", "tags": [ "preserve_original_event" @@ -640,9 +481,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078882679Z" - }, "message": "%APACHETOMCAT-4927-SEARCH: 10.5.194.202||onproide||ntmo||[24/Feb/2018:7:26:15 CET]||riosa||https://example.org/pisc/urEx.html?rautod=olest#eataev||atcupi||atem||qui||otamr||7278||https://internal.example.com/meaque/uid.htm?tion=tobeatae#maccusa||Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||iqua", "tags": [ "preserve_original_event" 
@@ -652,9 +490,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078883634Z" - }, "message": "March 11 02:28:49 deriti6952.mail.domain %APACHETOMCAT- PRONECT: 10.183.34.1||boree||isn||[11/Mar/2018:2:28:49 CEST]||der||https://www5.example.com/aconse/prehe.gif?diduntu=eiusmod#itation||veleum||piciatis||nes||lmolesti||1559||https://www.example.org/emaperia/Section.txt?iame=orroquis#aquio||Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30||ntmoll", "tags": [ "preserve_original_event" @@ -664,9 +499,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078884566Z" - }, "message": "%APACHETOMCAT-4472-CFYZ: 10.101.163.40||abor||nBCSe||[25/Mar/2018:9:31:24 CEST]||remips||https://mail.example.net/reetdolo/rationev.html?reetdol=uelauda#ema||odi||ptatems||runtmo||ore||3512||https://internal.example.com/undeom/emullamc.jpg?quaer=eetdo#tlab||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||liq", "tags": [ "preserve_original_event" @@ -676,9 +508,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078885496Z" - }, "message": "April 8 16:33:58 nse3421.mail.localhost %APACHETOMCAT- uGET: 10.216.188.152||oremi||ugitsedq||[08/Apr/2018:4:33:58 ET]||atDuis||https://www5.example.com/mUteni/quira.htm?ore=tation#loinve||tatevel||iumdolo||untu||ict||2699||https://internal.example.com/riosamni/icta.gif?umetMa=imadmin#iqui||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||Nequepo", "tags": [ "preserve_original_event" 
@@ -688,9 +517,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078886422Z" - }, "message": "%APACHETOMCAT-1033-nGET: 10.94.140.77||veniam||isnisiu||[22/Apr/2018:11:36:32 OMST]||dol||https://www5.example.org/setquas/minim.gif?tutlabor=reseosq#gna||isiutali||lumqu||onulamco||ons||5050||https://mail.example.net/unt/tass.html?tla=mquiad#CSe||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||psa", "tags": [ "preserve_original_event" @@ -700,9 +526,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078887352Z" - }, "message": "%APACHETOMCAT-4133-PUT: 10.223.205.204||lor||ccaec||[07/May/2018:6:39:06 PST]||ommo||https://www.example.com/laudanti/umiurer.txt?rsitvolu=mnisi#usmo||iamea||imaveni||uiacon||iam||7526||https://mail.example.org/oin/itseddoe.html?citati=uamei#eursinto||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||tutla", "tags": [ "preserve_original_event" @@ -712,9 +535,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078888279Z" - }, "message": "May 21 13:41:41 tautfug689.localdomain %APACHETOMCAT- PUT: 10.85.137.156||atiset||serror||[21/May/2018:1:41:41 CEST]||isiut||https://mail.example.org/ici/nisiuta.jpg?itae=dtempo#atnula||ditautf||itametc||ori||uamqu||2804||https://example.com/quiac/sunt.gif?etdol=dolorsi#nturmag||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||Except", "tags": [ "preserve_original_event" 
@@ -724,9 +544,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078889228Z" - }, "message": "June 4 20:44:15 totam6886.api.localhost %APACHETOMCAT- QUALYS: 10.12.54.142||trudex||liquam||[04/Jun/2018:8:44:15 PST]||lor||https://mail.example.com/eseruntm/lpaquiof.html?magnaal=uscip#umS||iciadese||riatur||oeni||dol||3000||https://www5.example.net/teturadi/ditau.gif?piscivel=hend#eacommo||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aer", "tags": [ "preserve_original_event" @@ -736,9 +553,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078890152Z" - }, "message": "%APACHETOMCAT-3864-RNDMMTD: 10.158.6.52||dolorem||sed||[19/Jun/2018:3:46:49 OMST]||Nemoenim||https://example.net/labori/porai.gif?utali=sed#xeac||umdolors||lumdo||acom||eFini||4262||https://internal.example.org/uovol/prehend.html?eque=eufug#est||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||ntincul", "tags": [ "preserve_original_event" @@ -748,9 +562,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078891082Z" - }, "message": "July 3 10:49:23 tquo854.api.domain %APACHETOMCAT- MKCOL: 10.195.160.182||ine||urerepre||[03/Jul/2018:10:49:23 CT]||itessequ||https://www5.example.org/orissu/fic.gif?ese=mmodoco#amni||atnul||umfugi||stquidol||Nemoenim||1325||https://example.com/tasnul/tuserr.jpg?amvo=tnul#expl||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||isau", "tags": [ "preserve_original_event" 
@@ -760,9 +571,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078893485Z" - }, "message": "%APACHETOMCAT-6084-CONNECT: 10.20.68.117||rQuisaut||quas||[17/Jul/2018:5:51:58 ET]||metco||https://mail.example.com/iuntNeq/eddoei.jpg?sseq=eriam#pernat||udan||archi||iutaliq||urQuis||1742||https://example.net/orum/Bonoru.txt?agnamal=quei#quio||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||lamcola", "tags": [ "preserve_original_event" @@ -772,9 +580,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078894426Z" - }, "message": "August 1 00:54:32 venia6656.api.domain %APACHETOMCAT- CONNECT: 10.94.136.235||mmod||iti||[01/Aug/2018:12:54:32 PST]||amqu||https://www5.example.com/tanimid/onpr.gif?gelitse=oremqu#idex||radip||upta||tetura||rumet||6923||https://www5.example.org/lestia/nde.jpg?pisci=sunt#texplica||Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30||ore", "tags": [ "preserve_original_event" @@ -784,9 +589,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078895356Z" - }, "message": "August 15 07:57:06 veniam1216.www5.invalid %APACHETOMCAT- NCIRCLE: 10.152.11.26||expli||ugiat||[15/Aug/2018:7:57:06 GMT+02:00]||oinBCSed||https://www.example.net/ntorever/pisciv.gif?eritq=rehen#ipsamvol||elillum||veleumi||nsequatu||nula||2783||https://example.com/santi/ritati.gif?turadip=dip#idolo||Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10||aco", "tags": [ "preserve_original_event" 
@@ -796,9 +598,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078896280Z" - }, "message": "August 29 14:59:40 runtm5729.invalid %APACHETOMCAT- PRONECT: 10.82.118.95||bore||ptate||[29/Aug/2018:2:59:40 GMT+02:00]||labo||https://www5.example.com/quu/xeac.htm?abor=oreverit#scip||Finibus||Utenimad||olupta||tau||5211||https://www5.example.com/itametco/vel.htm?rere=pta#nonn||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||met", "tags": [ "preserve_original_event" @@ -808,9 +607,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078897211Z" - }, "message": "%APACHETOMCAT-4322-id: 10.187.152.213||conse||ventor||[12/Sep/2018:10:02:15 CEST]||mag||https://www.example.net/mini/Loremip.html?tur=atnonpr#ita||amquaer||aqui||enby||lpa||3948||https://www5.example.net/iat/ffic.htm?cte=aparia#CSe||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||ugitsedq", "tags": [ "preserve_original_event" @@ -820,9 +616,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078898140Z" - }, "message": "September 27 05:04:49 pta6012.www.local %APACHETOMCAT- uGET: 10.98.71.45||destla||fugitse||[27/Sep/2018:5:04:49 GMT+02:00]||eirur||https://www.example.net/duntutla/lamco.txt?isci=Dui#reetdo||ever||civelits||eos||ipitlabo||5440||https://internal.example.net/nonn/hite.htm?ariatur=labo#sautei||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||unt", "tags": [ "preserve_original_event" 
@@ -832,9 +625,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078899070Z" - }, "message": "%APACHETOMCAT-5971-uGET: 10.86.123.33||ugia||meum||[11/Oct/2018:12:07:23 OMST]||doei||https://www5.example.net/tev/nre.html?occaeca=eturadip#ent||rumSecti||Utenima||olore||orumS||757||https://www5.example.org/eursint/orio.txt?iameaqu=aaliquaU#olu||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||yCiceroi", "tags": [ "preserve_original_event" @@ -844,9 +634,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078900058Z" - }, "message": "%APACHETOMCAT-2852-FGET: 10.6.112.183||deom||oluptat||[25/Oct/2018:7:09:57 GMT-07:00]||eni||https://www5.example.net/uamnih/nseq.txt?uidolo=umdolore#dmi||tam||oremip||eufugi||dunt||6169||https://api.example.net/uidexeac/sequa.html?modoc=magnam#uinesc||Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||idatat", "tags": [ "preserve_original_event" @@ -856,9 +643,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078900982Z" - }, "message": "November 9 02:12:32 orsi2109.internal.home %APACHETOMCAT- LOCK: 10.227.156.143||sis||idolo||[09/Nov/2018:2:12:32 CEST]||tsedquia||https://example.net/umdolor/isiu.html?mmodi=snostr#eniamqu||inimav||tatevel||midestl||nci||6587||https://www5.example.org/nvolupt/meiusm.htm?aturv=ectetura#obeataev||Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10||seq", "tags": [ "preserve_original_event" 
@@ -868,9 +652,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078901913Z" - }, "message": "November 23 09:15:06 quaeabil2539.www5.lan %APACHETOMCAT- get: 10.124.129.248||iamqui||quide||[23/Nov/2018:9:15:06 CT]||cididun||https://example.org/ibusBo/untincu.jpg?lesti=sintocca#mipsumqu||eprehen||hilmole||sequ||sectetu||7182||https://example.net/dolor/lorumwri.htm?mquis=lab#uido||Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mwrit", "tags": [ "preserve_original_event" @@ -880,9 +661,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078902845Z" - }, "message": "December 7 16:17:40 aal1598.mail.host %APACHETOMCAT- CONNECT: 10.173.125.112||quiavolu||upta||[07/Dec/2018:4:17:40 OMST]||umtota||https://www5.example.org/magnaa/sumquiad.gif?oluptate=Duisa#consequa||eaqueip||itaedict||olorema||rep||3380||https://www5.example.net/siarc/fdeFin.jpg?tobeata=nesciun#amcolab||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||isnisiut", "tags": [ "preserve_original_event" @@ -892,9 +670,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078903884Z" - }, "message": "%APACHETOMCAT-5227-GET: 10.37.156.140||uisnos||olores||[21/Dec/2018:11:20:14 PST]||epo||https://www.example.org/evolup/rvelil.gif?eavolup=ipsumq#evit||tno||iss||taspe||lum||5911||https://api.example.net/eturad/tDuis.htm?enimadmi=tateveli#osa||Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16||idolorem", "tags": [ "preserve_original_event" 
@@ -904,9 +679,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078904821Z" - }, "message": "%APACHETOMCAT-5776-PRONECT: 10.121.225.135||ufugi||cin||[05/Jan/2019:6:22:49 ET]||byC||https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex||nse||miurere||evit||uatu||2448||https://www5.example.org/uamestqu/mpor.jpg?hender=ptatemU#seq||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||tnulapa", "tags": [ "preserve_original_event" @@ -916,9 +688,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078905753Z" - }, "message": "%APACHETOMCAT-7708-DEBUG: 10.123.68.56||expl||olore||[19/Jan/2019:1:25:23 CEST]||dentsunt||https://www.example.org/animid/upta.jpg?onnumqua=quioff#iuntN||ipis||itautfu||nesci||tam||1206||https://mail.example.net/tetura/eeufug.txt?modt=iduntutl#rsitam||Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36||ntor", "tags": [ "preserve_original_event" @@ -928,9 +697,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078906684Z" - }, "message": "February 2 20:27:57 oid218.api.invalid %APACHETOMCAT- RNDMMTD: 10.63.56.164||iquid||evo||[02/Feb/2019:8:27:57 GMT-07:00]||avolu||https://api.example.net/itesse/expl.html?prehende=lup#tpers||orsitv||temseq||uisaute||uun||4638||https://mail.example.net/nemulla/asp.html?ncul=taliq#tautfugi||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||umd", "tags": [ "preserve_original_event" 
@@ -940,9 +706,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078907617Z" - }, "message": "February 17 03:30:32 sectetur2674.www5.test %APACHETOMCAT- HEAD: 10.62.10.137||eeufugi||deomnisi||[17/Feb/2019:3:30:32 ET]||issus||https://example.net/deritinv/evelite.html?iav=odico#rsint||itl||ttenb||olor||quiav||6648||https://example.com/eumfu/lors.gif?upidata=ici#usant||Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10||con", "tags": [ "preserve_original_event" @@ -952,9 +715,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078908549Z" - }, "message": "March 3 10:33:06 sequatD4487.internal.localhost %APACHETOMCAT- INDEX: 10.89.154.115||oeiusmo||nimv||[03/Mar/2019:10:33:06 GMT+02:00]||tconse||https://example.org/tseddoei/teursint.htm?remagnaa=lamcolab#ceroinB||umqui||citation||temsequi||mquia||1119||https://api.example.net/iveli/conseq.htm?ercitat=taspe#yCiceroi||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||cti", "tags": [ "preserve_original_event" @@ -964,9 +724,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078909486Z" - }, "message": "%APACHETOMCAT-4758-TRACE: 10.122.252.130||tuser||mmo||[17/Mar/2019:5:35:40 PST]||tlaboru||https://www5.example.com/ciad/ugiatqu.gif?turveli=isciv#natus||boreet||luptasnu||ento||snostr||3904||https://api.example.org/xerc/Nequep.htm?ria=beat#rro||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||uisau", "tags": [ "preserve_original_event" 
@@ -976,9 +733,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078910421Z" - }, "message": "%APACHETOMCAT-2573-id: 10.195.152.53||ueporroq||ute||[01/Apr/2019:12:38:14 GMT-07:00]||tationu||https://api.example.com/olore/ntutlab.htm?ameaquei=gnama#esciun||tesse||olupta||isno||oluptas||5560||https://www.example.net/rinrepr/dutp.jpg?modo=uiavo#uisaut||mobmail android 2.1.3.3150||paq", "tags": [ "preserve_original_event" @@ -988,9 +742,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078911374Z" - }, "message": "April 15 07:40:49 nul5107.www5.domain %APACHETOMCAT- ABCD: 10.9.255.204||illoin||emUtenim||[15/Apr/2019:7:40:49 CT]||uid||https://mail.example.com/rvelil/adese.htm?incidi=aedictas#rumetMa||mexerci||urEx||ditaut||ctetur||3089||https://mail.example.com/oreeu/mea.jpg?tis=oluptat#emi||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||iaeconse", "tags": [ "preserve_original_event" @@ -1000,9 +751,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078912333Z" - }, "message": "April 29 14:43:23 nimadmin5630.localdomain %APACHETOMCAT- RNDMMTD: 10.214.235.133||equ||nulapari||[29/Apr/2019:2:43:23 GMT-07:00]||tsunt||https://www.example.org/oremi/ectobeat.gif?oreeu=uasiarch#Malor||boriosa||cillumdo||ditau||moenimip||5930||https://internal.example.net/oreetd/lor.txt?etc=eturadip#nost||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||evel", "tags": [ "preserve_original_event" 
@@ -1012,9 +760,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078913271Z" - }, "message": "May 13 21:45:57 sequuntu3563.internal.test %APACHETOMCAT- TRACE: 10.5.134.204||apari||iarchit||[13/May/2019:9:45:57 PT]||orum||https://api.example.com/orsitam/tiset.jpg?ati=rauto#doloreeu||lors||eumfu||docons||tur||3197||https://api.example.org/uasi/maveniam.html?rspicia=pitl#imi||Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80||taevit", "tags": [ "preserve_original_event" @@ -1024,9 +769,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078914205Z" - }, "message": "%APACHETOMCAT-6820-SEARCH: 10.144.111.42||sumquia||vento||[28/May/2019:4:48:31 CEST]||asnu||https://example.org/rep/mveni.txt?utpers=num#ctetura||quaerat||tDuisau||aturve||ptateve||7615||https://internal.example.com/tconsect/pariat.gif?etcon=ctobeat#isi||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||lorumw", "tags": [ "preserve_original_event" @@ -1036,9 +778,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078915134Z" - }, "message": "%APACHETOMCAT-3071-FGET: 10.122.0.80||olupt||ola||[11/Jun/2019:11:51:06 CT]||etquasia||https://example.net/adm/snostr.jpg?tec=itaspe#con||illumdo||antium||remaper||eseosq||2945||https://www.example.com/uae/ata.htm?snulap=cidu#hilmol||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||quamq", "tags": [ "preserve_original_event" 
@@ -1048,9 +787,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078916072Z" - }, "message": "June 25 18:53:40 tdolo2150.www.example %APACHETOMCAT- ABCD: 10.165.33.19||uamqu||iusmodi||[25/Jun/2019:6:53:40 ET]||aparia||https://mail.example.com/ccusant/epteurs.htm?oidentsu=oditau#onsec||dit||namaliqu||yCic||tetura||1569||https://www.example.net/ttenb/eirure.txt?rem=exer#eeufug||Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||lapari", "tags": [ "preserve_original_event" @@ -1060,9 +796,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078917008Z" - }, "message": "July 10 01:56:14 cinge6032.api.local %APACHETOMCAT- BADMTHD: 10.87.92.17||utlabore||tamr||[10/Jul/2019:1:56:14 CT]||iutaliq||https://mail.example.org/onemul/trudexe.txt?ura=oreeufug#Quisa||quiav||ctionofd||elit||sam||6211||https://internal.example.org/unt/isni.htm?ecillum=olor#amei||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||quid", "tags": [ "preserve_original_event" @@ -1072,9 +805,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078917949Z" - }, "message": "%APACHETOMCAT-7615-BADMETHOD: 10.51.52.203||wri||itame||[24/Jul/2019:8:58:48 ET]||dictasun||https://example.com/lorese/olupta.jpg?onsec=idestl#litani||emp||arch||non||mollit||5823||https://internal.example.org/tobeatae/ntut.gif?exe=naa#equat||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||mqu", "tags": [ "preserve_original_event" 
@@ -1084,9 +814,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078918881Z" - }, "message": "August 7 16:01:23 ende6053.local %APACHETOMCAT- rndmmtd: 10.0.211.86||rsp||imipsa||[07/Aug/2019:4:01:23 CEST]||int||https://internal.example.net/llitani/uscipit.html?etcons=etco#iuntN||utfugi||ursintoc||tio||mmodicon||6776||https://internal.example.net/tvol/lup.gif?ollita=qua#ionula||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||cusa", "tags": [ "preserve_original_event" @@ -1096,9 +823,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078919812Z" - }, "message": "%APACHETOMCAT-264-OPTIONS: 10.106.34.244||eumiu||nim||[21/Aug/2019:11:03:57 PST]||rehen||https://mail.example.net/ptat/mipsu.htm?eturadip=amquaera#rsitamet||leumiur||ssequamn||ave||taliqui||3714||https://example.net/undeomn/ape.jpg?amco=ons#onsecte||Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||atquo", "tags": [ "preserve_original_event" @@ -1108,9 +832,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078920743Z" - }, "message": "%APACHETOMCAT-2943-nGET: 10.191.210.188||inculpa||ruredol||[05/Sep/2019:6:06:31 OMST]||ipit||https://www.example.org/quae/periam.html?emoenimi=iquipex#mqu||onorume||abill||ametcon||ofdeFini||7052||https://example.net/tionev/uasiarch.html?qui=ehender#equa||Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36||nimides", "tags": [ "preserve_original_event" 
@@ -1120,9 +841,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078921673Z" - }, "message": "%APACHETOMCAT-6165-BDMTHD: 10.2.38.49||asiarc||lor||[19/Sep/2019:1:09:05 GMT+02:00]||snula||https://www.example.com/bori/dipi.gif?utf=dolor#dexe||nemul||Duis||lupt||quatur||5775||https://www.example.org/ipsa/con.gif?uianonnu=tatiset#quira||mobmail android 2.1.3.3150||aea", "tags": [ "preserve_original_event" @@ -1132,9 +850,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078922604Z" - }, "message": "October 3 20:11:40 didun1193.example %APACHETOMCAT- id: 10.66.92.90||orumwri||atisu||[03/Oct/2019:8:11:40 PST]||tse||https://example.com/iat/tqui.gif?utaliqui=emse#emqui||cipitla||tlab||vel||ionevo||4580||https://mail.example.com/volupta/umfu.gif?tisetq=tDuisaut#dolo||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||samvol", "tags": [ "preserve_original_event" @@ -1144,9 +859,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078923534Z" - }, "message": "October 18 03:14:14 apari2660.www5.lan %APACHETOMCAT- BADMTHD: 10.97.108.108||fficiad||teirured||[18/Oct/2019:3:14:14 PST]||sistena||https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost||sequines||olor||sequa||lorum||7649||https://mail.example.com/Sedut/tatis.gif?reeufugi=sequines#minimve||Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g||toditau", "tags": [ "preserve_original_event" 
@@ -1156,9 +868,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078924489Z" - }, "message": "November 1 10:16:48 nvolupta238.www.host %APACHETOMCAT- COOK: 10.147.147.248||onpr||uira||[01/Nov/2019:10:16:48 CET]||ptatev||https://api.example.net/uiaco/aliqu.txt?udexerci=uae#imveni||econ||aborio||rve||catcup||177||https://www5.example.org/busBon/norumetM.jpg?vitaedi=rna#cons||Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36||lupta", "tags": [ "preserve_original_event" @@ -1168,9 +877,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078925450Z" - }, "message": "November 15 17:19:22 icer123.mail.example %APACHETOMCAT- NCIRCLE: 10.152.190.61||imvenia||culp||[15/Nov/2019:5:19:22 GMT-07:00]||nesciu||https://www.example.org/roinBCSe/eetdolor.html?tla=iaconseq#sed||sedd||atione||tvolup||oremeu||6708||https://api.example.com/dan/pta.html?oNem=itaedict#eroi||Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||uptateve", "tags": [ "preserve_original_event" @@ -1180,9 +886,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078926387Z" - }, "message": "November 30 00:21:57 lumqui6488.api.example %APACHETOMCAT- DETECT_METHOD_TYPE: 10.129.232.105||des||deFini||[30/Nov/2019:12:21:57 GMT-07:00]||aliquaU||https://www.example.net/tvolu/imve.txt?gnaaliq=quam#deriti||edictasu||eturadi||umS||noru||5321||https://api.example.org/taevitae/tevel.htm?vol=ita#iquipexe||Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36||quamqua", "tags": [ "preserve_original_event" 
@@ -1192,9 +895,6 @@ "ecs": { "version": "8.2.0" }, - "event": { - "ingested": "2022-01-25T13:05:27.078927311Z" - }, "message": "%APACHETOMCAT-5473-TRACE: 10.12.173.112||Excepteu||mco||[14/Dec/2019:7:24:31 PT]||undeom||https://internal.example.org/teturadi/radipi.gif?upidatat=mod#niamqui||litsedd||nidol||inBC||hite||423||https://api.example.net/dminimve/remips.txt?uiac=tquii#tesse||Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61||emeumfu", "tags": [ "preserve_original_event" diff --git a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml index b54c319fc3b..2acd0481e2d 100644 --- a/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tomcat/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -2,10 +2,6 @@ description: Pipeline for Apache Tomcat processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: '8.2.0' diff --git a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json index be9dcbbed11..e0d30ca46fa 100644 --- a/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json +++ b/packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-expected.json 
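Review bot: With the `set` processor for `event.ingested` removed in the tomcat `default.yml` hunk, nothing visible in this pipeline records ingest time any more, and the regenerated `-expected.json` fixtures drop the field too, so the pipeline tests can no longer catch its absence. The zerofox alerts `default.yml` hunk further down makes the same removal. The field is presumably now expected from Fleet's final pipeline; that should be confirmed against each package's `kibana.version` condition, which is not visible here, because detection rules that use `event.ingested` as a timestamp override and ingest-lag checks depend on it. I would leave a comment where the processor was, such as `# event.ingested is intentionally not set here; it must be populated after this pipeline runs`. The processor list continues outside the hunk.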
@@ -44,7 +44,6 @@ }, "event": { "severity": 4, - "ingested": "2022-01-03T06:35:04.302100349Z", "original": "{ \"alert_type\": \"search query\", \"logs\": [{ \"id\": 205171631, \"timestamp\": \"2021-04-29T18:56:52+00:00\", \"actor\": \"ZeroFox Platform Specialist\", \"subject\": \"\", \"action\": \"modify tags\" }, { \"id\": 205171630, \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\" } ], \"offending_content_url\": \"hxxp://abc.biz?entity=123456\", \"asset_term\": \"\", \"assignee\": \"\", \"entity\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, \"name\": \"Default\" } }, \"entity_term\": \"\", \"content_created_at\": \"2017-01-10T11:00:00+00:00\", \"id\": 123456789, \"protected_account\": \"\", \"severity\": 4, \"perpetrator\": { \"name\": \"Concealed\", \"display_name\": \"Concealed\", \"id\": 123456789, \"url\": \"hxxp://abc.biz?entity=123456\", \"content\": \"Variation of protected domain abc.com found: abc.biz\", \"type\": \"page\", \"timestamp\": \"2017-01-10T11:00:00+00:00\", \"network\": \"domains\" },\"rule_group_id\": 457, \"metadata\": \"{}\", \"status\": \"Open\", \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"rule_name\": \"Advanced Domain Analysis - Typosquat Match\", \"last_modified\": \"2021-04-29T18:56:52Z\", \"protected_locations\": \"\", \"darkweb_term\": \"\", \"business_network\": \"\", \"reviewed\": false, \"escalated\": false, \"network\": \"domains\", \"protected_social_object\": \"\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 38160, \"entity_account\": \"\", \"entity_email_receiver_id\": \"\", \"tags\": [], \"asset\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, 
\"name\": \"Default\" } } }", "created": "2017-01-10T11:00:00.000Z", "kind": "alert", 
@@ -111,7 +110,6 @@ }, "event": { "severity": 1, - "ingested": "2022-01-03T06:35:04.302112327Z", "original": "{\"alert_type\": \"search query\", \"logs\": [{\"id\": 206587078, \"timestamp\": \"2021-05-06T13:50:48+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"asset_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"content_created_at\": \"2021-05-06T13:29:27+00:00\", \"id\": 137814029, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 6830162495, \"username\": \"NOWMG\", \"display_name\": \"NOW Marketing Group\", \"account_number\": \"178236715\", \"destination_account_number\": \"178236715\", \"parent_post_number\": null, \"parent_post_url\": null, \"parent_post_account_number\": null, \"post_number\": \"1390297659475365894\", \"network\": \"twitter\", \"image\": \"https://pbs.twimg.com/profile_images/1356266220065009667/dTlGFDCM.jpg\", \"url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"type\": \"post\", \"post_type\": \"post\", \"timestamp\": \"2021-05-06T13:29:27+00:00\"}, \"rule_group_id\": null, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": 
\"2021-05-06T13:50:48+00:00\", \"rule_name\": \"Mentions\", \"last_modified\": \"2021-05-06T13:50:48Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, \"reviewed\": false, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": \"#darksocial\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 40816, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }", "created": "2021-05-06T13:29:27.000Z", "kind": "alert", 
@@ -170,7 +168,6 @@ }, "event": { "severity": 1, - "ingested": "2022-01-03T06:35:04.302113908Z", "original": "{\"alert_type\": \"impersonating account\", \"logs\": [{\"id\": 206433935, \"timestamp\": \"2021-05-05T19:36:38+00:00\", \"actor\": \"jedmunds@zerofox.com\", \"subject\": \"\", \"action\": \"review\"}, {\"id\": 206431230, \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"actor\": \"jedmunds@zerofox.com\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/TheDarkSocial\", \"asset_term\": null, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": null, \"content_created_at\": \"2014-08-09T16:00:16+00:00\", \"id\": 137731395, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 958871039, \"username\": \"TheDarkSocial\", \"display_name\": \"Dark Social\", \"account_number\": \"2719621658\", \"image\": \"https://pbs.twimg.com/profile_images/498137972940603392/45HEzP-B.jpeg\", \"network\": \"twitter\", \"url\": \"https://twitter.com/TheDarkSocial\", \"type\": \"account\", \"timestamp\": \"2014-08-09T16:00:16+00:00\"}, \"rule_group_id\": 4, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"jedmunds@zerofox.com\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"rule_name\": \"Impersonation - Name\", \"last_modified\": \"2021-05-05T19:36:38Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, 
\"reviewed\": true, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": null, \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 32, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }", "created": "2014-08-09T16:00:16.000Z", "kind": "alert", diff --git a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 6bc191278f9..1f26dc9c1e0 100644 --- a/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zerofox/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml @@ -1,10 +1,7 @@ --- description: Pipeline for parsing zerofox alerts processors: - ## Ingestion date and ECS version. - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' + ## ECS version. - set: field: ecs.version value: "8.2.0" diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json index 34acd662dde..52245b2e5f7 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json @@ -26,7 +26,6 @@ }, "event": { "action": "account.created", - "ingested": "2022-01-03T06:40:02.596222323Z", "category": [ "iam" ], @@ -78,7 +77,6 @@ }, "event": { "action": "account.updated", - "ingested": "2022-01-03T06:40:02.596225683Z", "category": [ "iam" ], @@ -129,7 +127,6 @@ }, "event": { "action": "account.disassociated", - "ingested": "2022-01-03T06:40:02.596226904Z", "category": [ "iam" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json index 1f6df58aafe..803d8188705 100644 
--- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json @@ -29,7 +29,6 @@ }, "event": { "action": "chat_channel.created", - "ingested": "2022-01-03T06:40:03.347463176Z", "type": [ "creation" ], @@ -68,7 +67,6 @@ }, "event": { "action": "chat_channel.updated", - "ingested": "2022-01-03T06:40:03.347466461Z", "type": [ "change" ], @@ -107,7 +105,6 @@ }, "event": { "action": "chat_channel.deleted", - "ingested": "2022-01-03T06:40:03.347467486Z", "type": [ "deletion" ], @@ -148,7 +145,6 @@ }, "event": { "action": "chat_channel.member_invited", - "ingested": "2022-01-03T06:40:03.347468385Z", "type": [ "user" ], @@ -187,7 +183,6 @@ }, "event": { "action": "chat_channel.member_joined", - "ingested": "2022-01-03T06:40:03.347469285Z", "type": [ "user" ], @@ -226,7 +221,6 @@ }, "event": { "action": "chat_channel.member_left", - "ingested": "2022-01-03T06:40:03.347470239Z", "type": [ "user" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json index e21e3db2a9d..fe24b6ba896 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json @@ -29,7 +29,6 @@ }, "event": { "action": "chat_message.sent", - "ingested": "2022-01-03T06:40:04.365213670Z", "type": [ "info", "creation" @@ -72,7 +71,6 @@ }, "event": { "action": "chat_message.updated", - "ingested": "2022-01-03T06:40:04.365216461Z", "type": [ "info", "change" @@ -114,7 +112,6 @@ }, "event": { "action": "chat_message.updated", - "ingested": "2022-01-03T06:40:04.365217486Z", "type": [ "info", "change" 
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json index ee04a984680..fc4b699ee8d 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json @@ -28,7 +28,6 @@ "event": { "duration": 3600000000000, "action": "meeting.alert", - "ingested": "2022-01-03T06:40:04.898098074Z", "type": [ "error" ], @@ -70,7 +69,6 @@ "event": { "duration": 3600000000000, "action": "meeting.created", - "ingested": "2022-01-03T06:40:04.898101204Z", "type": [ "info", "creation" @@ -125,7 +123,6 @@ "event": { "duration": 7200000000000, "action": "meeting.updated", - "ingested": "2022-01-03T06:40:04.898102230Z", "type": [ "info", "change" @@ -172,7 +169,6 @@ "event": { "duration": 3600000000000, "action": "meeting.deleted", - "ingested": "2022-01-03T06:40:04.898103149Z", "type": [ "info", "deletion" @@ -213,7 +209,6 @@ "event": { "duration": 3600000000000, "action": "meeting.started", - "ingested": "2022-01-03T06:40:04.898104056Z", "type": [ "info", "start" @@ -254,7 +249,6 @@ "event": { "duration": 600000000000, "action": "meeting.ended", - "ingested": "2022-01-03T06:40:04.898105035Z", "type": [ "info", "end" @@ -302,7 +296,6 @@ "event": { "duration": 7200000000000, "action": "meeting.registration_created", - "ingested": "2022-01-03T06:40:04.898105932Z", "type": [ "info", "creation" @@ -355,7 +348,6 @@ "event": { "duration": 3600000000000, "action": "meeting.registration_approved", - "ingested": "2022-01-03T06:40:04.898106818Z", "type": [ "info", "allowed" @@ -404,7 +396,6 @@ "event": { "duration": 7200000000000, "action": "meeting.registration_cancelled", - "ingested": "2022-01-03T06:40:04.898107692Z", "type": [ "info" ], 
@@ -455,7 +446,6 @@ "event": { "duration": 3600000000000, "action": "meeting.sharing_started", - "ingested": "2022-01-03T06:40:04.898108563Z", "type": [ "info", "start" @@ -509,7 +499,6 @@ "event": { "duration": 3600000000000, "action": "meeting.sharing_ended", - "ingested": "2022-01-03T06:40:04.898109413Z", "type": [ "info", "end" @@ -553,7 +542,6 @@ "event": { "duration": 3600000000000, "action": "meeting.participant_jbh_waiting", - "ingested": "2022-01-03T06:40:04.898110411Z", "type": [ "info" ], @@ -596,7 +584,6 @@ "event": { "duration": 3600000000000, "action": "meeting.participant_jbh_joined", - "ingested": "2022-01-03T06:40:04.898111304Z", "type": [ "info" ], @@ -643,7 +630,6 @@ "event": { "duration": 3600000000000, "action": "meeting.participant_joined", - "ingested": "2022-01-03T06:40:04.898112176Z", "type": [ "info" ], @@ -690,7 +676,6 @@ "event": { "duration": 3600000000000, "action": "meeting.participant_left", - "ingested": "2022-01-03T06:40:04.898113050Z", "type": [ "info" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json index 253394b47ab..aeafa9f8c7a 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json @@ -38,7 +38,6 @@ }, "event": { "action": "phone.caller_ringing", - "ingested": "2022-01-03T06:40:07.698973156Z", "type": [ "info", "creation" @@ -87,7 +86,6 @@ }, "event": { "action": "phone.caller_connected", - "ingested": "2022-01-03T06:40:07.698976437Z", "type": [ "info", "start" @@ -134,7 +132,6 @@ }, "event": { "action": "phone.caller_ringing", - "ingested": "2022-01-03T06:40:07.698977674Z", "type": [ "info", "creation" @@ -183,7 +180,6 @@ }, "event": { "action": "phone.callee_answered", - "ingested": "2022-01-03T06:40:07.698978750Z", "type": [ "info", "start" 
@@ -228,7 +224,6 @@ }, "event": { "action": "phone.callee_missed", - "ingested": "2022-01-03T06:40:07.698979777Z", "type": [ "info", "end" @@ -274,7 +269,6 @@ }, "event": { "duration": 4000000000, - "ingested": "2022-01-03T06:40:07.698980824Z", "kind": [ "event" ], @@ -323,7 +317,6 @@ }, "event": { "duration": 4000000000, - "ingested": "2022-01-03T06:40:07.698981864Z", "kind": [ "event" ], @@ -372,7 +365,6 @@ }, "event": { "duration": 6000000000, - "ingested": "2022-01-03T06:40:07.698982956Z", "kind": [ "event" ], @@ -424,7 +416,6 @@ }, "event": { "action": "phone.voicemail_received", - "ingested": "2022-01-03T06:40:07.698983970Z", "type": [ "info" ], @@ -452,7 +443,6 @@ }, "event": { "action": "phone.caller_call_log_completed", - "ingested": "2022-01-03T06:40:07.698984999Z", "type": [ "info" ], @@ -477,7 +467,6 @@ }, "event": { "action": "phone.callee_call_log_completed", - "ingested": "2022-01-03T06:40:07.698986033Z", "type": [ "info" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json index 318d444ea3c..3673c15ed53 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json @@ -32,7 +32,6 @@ "event": { "start": "2019-07-31T22:41:02Z", "action": "recording.started", - "ingested": "2022-01-03T06:40:09.220154671Z", "type": [ "info", "start" @@ -76,7 +75,6 @@ }, "event": { "action": "recording.paused", - "ingested": "2022-01-03T06:40:09.220157489Z", "type": [ "info", "change" @@ -120,7 +118,6 @@ }, "event": { "action": "recording.resumed", - "ingested": "2022-01-03T06:40:09.220158533Z", "type": [ "info", "change" @@ -165,7 +162,6 @@ }, "event": { "action": "recording.stopped", - "ingested": "2022-01-03T06:40:09.220159425Z", "end": "2019-07-31T22:43:29Z", "type": [ "info", 
@@ -210,7 +206,6 @@ }, "event": { "action": "recording.completed", - "ingested": "2022-01-03T06:40:09.220160298Z", "type": [ "info", "end" @@ -259,7 +254,6 @@ }, "event": { "action": "recording.renamed", - "ingested": "2022-01-03T06:40:09.220161167Z", "type": [ "info", "change" @@ -303,7 +297,6 @@ }, "event": { "action": "recording.trashed", - "ingested": "2022-01-03T06:40:09.220162082Z", "type": [ "info", "deletion" @@ -349,7 +342,6 @@ }, "event": { "action": "recording.deleted", - "ingested": "2022-01-03T06:40:09.220162948Z", "type": [ "info", "deletion" @@ -395,7 +387,6 @@ }, "event": { "action": "recording.recovered", - "ingested": "2022-01-03T06:40:09.220163830Z", "type": [ "info", "change" @@ -441,7 +432,6 @@ }, "event": { "action": "recording.transcript_completed", - "ingested": "2022-01-03T06:40:09.220164695Z", "type": [ "info", "end" @@ -492,7 +482,6 @@ }, "event": { "action": "recording.registration_created", - "ingested": "2022-01-03T06:40:09.220165545Z", "type": [ "info", "creation" @@ -542,7 +531,6 @@ }, "event": { "action": "recording.registration_approved", - "ingested": "2022-01-03T06:40:09.220166513Z", "type": [ "info", "allowed" @@ -592,7 +580,6 @@ }, "event": { "action": "recording.registration_denied", - "ingested": "2022-01-03T06:40:09.220167387Z", "type": [ "info", "denied" diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json index 4b7e8ac11e2..07593caa4a7 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-expected.json @@ -27,7 +27,6 @@ }, "event": { "action": "user.created", - "ingested": "2022-01-03T06:40:11.898867209Z", "category": [ "iam" ], @@ -69,7 +68,6 @@ }, "event": { "action": "user.invitation_accepted", - "ingested": "2022-01-03T06:40:11.898870441Z", "category": [ "iam" ], 
@@ -116,7 +114,6 @@ }, "event": { "action": "user.updated", - "ingested": "2022-01-03T06:40:11.898871440Z", "category": [ "iam" ], @@ -174,7 +171,6 @@ }, "event": { "action": "user.settings_updated", - "ingested": "2022-01-03T06:40:11.898872345Z", "category": [ "configuration", "iam" @@ -229,7 +225,6 @@ }, "event": { "action": "user.settings_updated", - "ingested": "2022-01-03T06:40:11.898873256Z", "category": [ "configuration", "iam" @@ -278,7 +273,6 @@ }, "event": { "action": "user.deactivated", - "ingested": "2022-01-03T06:40:11.898874146Z", "category": [ "iam" ], @@ -328,7 +322,6 @@ }, "event": { "action": "user.activated", - "ingested": "2022-01-03T06:40:11.898875027Z", "category": [ "iam" ], @@ -378,7 +371,6 @@ }, "event": { "action": "user.disassociated", - "ingested": "2022-01-03T06:40:11.898875893Z", "category": [ "iam" ], @@ -428,7 +420,6 @@ }, "event": { "action": "user.deleted", - "ingested": "2022-01-03T06:40:11.898876737Z", "category": [ "iam" ], @@ -473,7 +464,6 @@ }, "event": { "action": "user.presence_status_updated", - "ingested": "2022-01-03T06:40:11.898880795Z", "category": [ "iam" ], @@ -516,7 +506,6 @@ }, "event": { "action": "user.personal_notes_updated", - "ingested": "2022-01-03T06:40:11.898881690Z", "category": [ "iam" ], @@ -561,7 +550,6 @@ }, "event": { "action": "user.signed_in", - "ingested": "2022-01-03T06:40:11.898882677Z", "category": [ "authentication" ], @@ -602,7 +590,6 @@ }, "event": { "action": "user.signed_out", - "ingested": "2022-01-03T06:40:11.898883550Z", "category": [ "authentication" ], diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json index ccf4a26f1f0..bd9392fc9d2 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-webinar.json-expected.json 
@@ -30,7 +30,6 @@ }, "event": { "action": "webinar.created", - "ingested": "2022-01-03T06:40:14.393087560Z", "type": [ "info", "creation" @@ -85,7 +84,6 @@ }, "event": { "action": "webinar.updated", - "ingested": "2022-01-03T06:40:14.393090335Z", "type": [ "info", "change" @@ -129,7 +127,6 @@ }, "event": { "action": "webinar.deleted", - "ingested": "2022-01-03T06:40:14.393091370Z", "type": [ "info", "deletion" @@ -172,7 +169,6 @@ }, "event": { "action": "webinar.started", - "ingested": "2022-01-03T06:40:14.393092276Z", "type": [ "info", "start" @@ -214,7 +210,6 @@ }, "event": { "action": "webinar.ended", - "ingested": "2022-01-03T06:40:14.393093186Z", "type": [ "info", "end" @@ -255,7 +250,6 @@ }, "event": { "action": "webinar.alert", - "ingested": "2022-01-03T06:40:14.393094070Z", "type": [ "error" ], @@ -304,7 +298,6 @@ }, "event": { "action": "webinar.sharing_started", - "ingested": "2022-01-03T06:40:14.393094960Z", "type": [ "info", "start" @@ -358,7 +351,6 @@ }, "event": { "action": "webinar.sharing_started", - "ingested": "2022-01-03T06:40:14.393095834Z", "type": [ "info", "start" @@ -409,7 +401,6 @@ }, "event": { "action": "webinar.registration_created", - "ingested": "2022-01-03T06:40:14.393096698Z", "type": [ "info", "creation" @@ -462,7 +453,6 @@ }, "event": { "action": "webinar.registration_approved", - "ingested": "2022-01-03T06:40:14.393097562Z", "type": [ "info", "allowed", @@ -514,7 +504,6 @@ }, "event": { "action": "webinar.registration_denied", - "ingested": "2022-01-03T06:40:14.393098491Z", "type": [ "info", "denied", @@ -566,7 +555,6 @@ }, "event": { "action": "webinar.registration_cancelled", - "ingested": "2022-01-03T06:40:14.393099487Z", "type": [ "info", "change" @@ -617,7 +605,6 @@ }, "event": { "action": "webinar.participant_joined", - "ingested": "2022-01-03T06:40:14.393100395Z", "type": [ "info" ], @@ -666,7 +653,6 @@ }, "event": { "action": "webinar.participant_left", - "ingested": "2022-01-03T06:40:14.393101278Z", "type": [ "info" ], 
diff --git a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json index 52f543b70df..c2200868d34 100644 --- a/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json +++ b/packages/zoom/data_stream/webhook/_dev/test/pipeline/test-zoomroom.json-expected.json @@ -23,7 +23,6 @@ }, "event": { "action": "zoomroom.alert", - "ingested": "2022-01-03T06:40:16.974365045Z", "kind": [ "event" ] @@ -52,7 +51,6 @@ }, "event": { "action": "zoomroom.delayed_alert", - "ingested": "2022-01-03T06:40:16.974368261Z", "kind": [ "event" ] @@ -81,7 +79,6 @@ }, "event": { "action": "zoomroom.checked_in", - "ingested": "2022-01-03T06:40:16.974369327Z", "type": [ "info", "start" @@ -114,7 +111,6 @@ }, "event": { "action": "zoomroom.checked_in", - "ingested": "2022-01-03T06:40:16.974370285Z", "type": [ "info", "start" diff --git a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml index 7904d34fa79..018e6ce9f9f 100644 --- a/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml +++ b/packages/zoom/data_stream/webhook/elasticsearch/ingest_pipeline/default.yml @@ -7,9 +7,6 @@ processors: - set: field: observer.product value: Webhook - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version value: 8.2.0 From 0d7bf29b57d8a09a3b56aba08400c369c04e08fc Mon Sep 17 00:00:00 2001 From: Taylor Swanson Date: Wed, 16 Mar 2022 15:08:35 -0500 Subject: [PATCH 19/19] Regenerate ti_cybersixgill test file --- .../pipeline/test-cybersixgill-ndjson.log-expected.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json index b1ea36ed62b..d51c37577cc 100644 --- a/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json +++ b/packages/ti_cybersixgill/data_stream/threat/_dev/test/pipeline/test-cybersixgill-ndjson.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -63,7 +63,7 @@ "virustotal": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -111,7 +111,7 @@ "virustotal": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat", @@ -157,7 +157,7 @@ "virustotal": {} }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": "threat",