misp-circl-feed/feeds/circl/stix-2.1/59c28fd3-6c10-44dd-b40d-46f5950d210f.json

{
"type": "bundle",
"id": "bundle--59c28fd3-6c10-44dd-b40d-46f5950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:59.000Z",
"modified": "2017-09-21T12:49:59.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59c28fd3-6c10-44dd-b40d-46f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:59.000Z",
"modified": "2017-09-21T12:49:59.000Z",
"name": "M2M - Locky 2017-09-19 : Affid=3, offline, \".ykcol\" : \"HERBALIFE Order Number: 6N01001234\" - \"6N01001234_1.7z\"",
"published": "2017-09-25T11:46:13Z",
"object_refs": [
"indicator--59c28fd3-8ba4-43a7-9788-466a950d210f",
"indicator--59c28fd4-bb34-41d4-8cad-4cb1950d210f",
"indicator--59c28fd4-41fc-4142-9754-43f9950d210f",
"observed-data--59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"network-traffic--59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"ipv4-addr--59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"indicator--59c28fd5-fe78-47ad-b1bf-4bc5950d210f",
"indicator--59c28fd5-febc-402b-8871-4f83950d210f",
"observed-data--59c28fd5-42dc-484a-81e5-792e950d210f",
"network-traffic--59c28fd5-42dc-484a-81e5-792e950d210f",
"ipv4-addr--59c28fd5-42dc-484a-81e5-792e950d210f",
"indicator--59c28fd6-59ac-4244-8684-44b9950d210f",
"indicator--59c28fd6-46bc-494d-a2aa-4156950d210f",
"observed-data--59c28fd6-a4d4-442e-a8de-4425950d210f",
"network-traffic--59c28fd6-a4d4-442e-a8de-4425950d210f",
"ipv4-addr--59c28fd6-a4d4-442e-a8de-4425950d210f",
"indicator--59c28fd6-73ec-446f-b8f9-4d2b950d210f",
"indicator--59c28fd6-ef6c-40ed-81df-4e5c950d210f",
"observed-data--59c28fd8-a7dc-4549-a64e-4461950d210f",
"network-traffic--59c28fd8-a7dc-4549-a64e-4461950d210f",
"ipv4-addr--59c28fd8-a7dc-4549-a64e-4461950d210f",
"indicator--59c28fd8-6c4c-4811-a395-4ee8950d210f",
"indicator--59c28fd8-01e8-4676-b4d8-4147950d210f",
"observed-data--59c28fd9-33b0-4265-9005-4016950d210f",
"network-traffic--59c28fd9-33b0-4265-9005-4016950d210f",
"ipv4-addr--59c28fd9-33b0-4265-9005-4016950d210f",
"indicator--59c28fd9-be7c-4cb1-be22-44b8950d210f",
"indicator--59c28fd9-7124-4825-8594-79d3950d210f",
"observed-data--59c28fd9-ad38-4ab2-8311-43e5950d210f",
"network-traffic--59c28fd9-ad38-4ab2-8311-43e5950d210f",
"ipv4-addr--59c28fd9-ad38-4ab2-8311-43e5950d210f",
"indicator--59c28fd9-cf9c-4fcb-adb9-4e96950d210f",
"indicator--59c28fda-a638-4d40-b7e3-46fe950d210f",
"observed-data--59c28fda-8eb8-43be-b992-4087950d210f",
"network-traffic--59c28fda-8eb8-43be-b992-4087950d210f",
"ipv4-addr--59c28fda-8eb8-43be-b992-4087950d210f",
"indicator--59c28fda-ebf4-4157-afbc-472e950d210f",
"indicator--59c28fda-16b8-4c50-9b74-4294950d210f",
"observed-data--59c28fda-c080-4286-b46d-4ea9950d210f",
"network-traffic--59c28fda-c080-4286-b46d-4ea9950d210f",
"ipv4-addr--59c28fda-c080-4286-b46d-4ea9950d210f",
"indicator--59c28fdb-37a8-47f5-b617-4306950d210f",
"indicator--59c28fdb-d628-4a04-8b8f-4ec3950d210f",
"observed-data--59c28fdb-f510-45c5-b667-47d8950d210f",
"network-traffic--59c28fdb-f510-45c5-b667-47d8950d210f",
"ipv4-addr--59c28fdb-f510-45c5-b667-47d8950d210f",
"indicator--59c28fdb-cecc-4077-aa9a-48dd950d210f",
"indicator--59c28fdc-4dd8-47cb-8b8e-4096950d210f",
"observed-data--59c28fdc-ee24-4582-b8d6-41e4950d210f",
"network-traffic--59c28fdc-ee24-4582-b8d6-41e4950d210f",
"ipv4-addr--59c28fdc-ee24-4582-b8d6-41e4950d210f",
"indicator--59c28fdc-4a3c-442f-a1c9-4d9f950d210f",
"indicator--59c28fdc-0a6c-4d38-afb5-4823950d210f",
"observed-data--59c28fdd-9334-4001-b567-400f950d210f",
"network-traffic--59c28fdd-9334-4001-b567-400f950d210f",
"ipv4-addr--59c28fdd-9334-4001-b567-400f950d210f",
"indicator--59c28fdd-4bcc-4cd8-8828-4bcb950d210f",
"indicator--59c28fdd-5608-4b60-9b00-79d3950d210f",
"observed-data--59c28fde-27b4-4b97-816b-4465950d210f",
"network-traffic--59c28fde-27b4-4b97-816b-4465950d210f",
"ipv4-addr--59c28fde-27b4-4b97-816b-4465950d210f",
"indicator--59c28fde-e510-434b-b2db-44e0950d210f",
"indicator--59c28fde-3ba8-4491-ac76-43b2950d210f",
"observed-data--59c28fde-a200-4fb2-9abf-4c35950d210f",
"network-traffic--59c28fde-a200-4fb2-9abf-4c35950d210f",
"ipv4-addr--59c28fde-a200-4fb2-9abf-4c35950d210f",
"indicator--59c28fdf-db5c-497d-872a-4206950d210f",
"indicator--59c28fdf-f044-4445-98a4-4db9950d210f",
"observed-data--59c28fdf-766c-4c52-aaa1-482d950d210f",
"network-traffic--59c28fdf-766c-4c52-aaa1-482d950d210f",
"ipv4-addr--59c28fdf-766c-4c52-aaa1-482d950d210f",
"indicator--59c28fdf-106c-435e-b859-4738950d210f",
"indicator--59c28fdf-a3fc-4d7a-a25d-47bd950d210f",
"observed-data--59c28fe0-4f58-45dd-9831-47e3950d210f",
"network-traffic--59c28fe0-4f58-45dd-9831-47e3950d210f",
"ipv4-addr--59c28fe0-4f58-45dd-9831-47e3950d210f",
"indicator--59c28fe0-1dac-430b-9928-43e9950d210f",
"indicator--59c28fe0-3b24-4da5-8804-4f60950d210f",
"observed-data--59c28fe1-7084-4a60-87c1-4997950d210f",
"network-traffic--59c28fe1-7084-4a60-87c1-4997950d210f",
"ipv4-addr--59c28fe1-7084-4a60-87c1-4997950d210f",
"indicator--59c28fe1-a2e0-4973-9b30-4dff950d210f",
"indicator--59c28fe1-94e8-462c-8c7a-414b950d210f",
"observed-data--59c28fe2-d2d0-48ef-bad8-4170950d210f",
"network-traffic--59c28fe2-d2d0-48ef-bad8-4170950d210f",
"ipv4-addr--59c28fe2-d2d0-48ef-bad8-4170950d210f",
"indicator--59c28fe2-a7ec-4706-8796-4c56950d210f",
"indicator--59c28fe2-4760-4551-b578-4ba3950d210f",
"observed-data--59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"network-traffic--59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"ipv4-addr--59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"indicator--59c28fe3-bbd0-4544-9e02-4fa7950d210f",
"indicator--59c28fe4-461c-43e1-999a-49e2950d210f",
"indicator--59c28fe4-0830-4425-afd3-4341950d210f",
"indicator--59c3b558-f720-4aee-b3c6-4d9902de0b81",
"indicator--59c3b558-c50c-4248-a6ff-4bdc02de0b81",
"observed-data--59c3b558-7b00-4f56-a40b-4c0202de0b81",
"url--59c3b558-7b00-4f56-a40b-4c0202de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd3-8ba4-43a7-9788-466a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[file:hashes.MD5 = 'bab4aa0cb4904865dc247c8e78fd0eca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd4-bb34-41d4-8cad-4cb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://arsmakina.org/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd4-41fc-4142-9754-43f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'arsmakina.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"ipv4-addr--59c28fd4-f6b4-41c8-8cb2-79d3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"dst_ref": "ipv4-addr--59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"value": "77.245.149.146"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd5-fe78-47ad-b1bf-4bc5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://asiaresearchcenter.org/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd5-febc-402b-8871-4f83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'asiaresearchcenter.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fd5-42dc-484a-81e5-792e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fd5-42dc-484a-81e5-792e950d210f",
"ipv4-addr--59c28fd5-42dc-484a-81e5-792e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fd5-42dc-484a-81e5-792e950d210f",
"dst_ref": "ipv4-addr--59c28fd5-42dc-484a-81e5-792e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fd5-42dc-484a-81e5-792e950d210f",
"value": "68.168.111.133"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd6-59ac-4244-8684-44b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://bnphealthcare.com/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd6-46bc-494d-a2aa-4156950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'bnphealthcare.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fd6-a4d4-442e-a8de-4425950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fd6-a4d4-442e-a8de-4425950d210f",
"ipv4-addr--59c28fd6-a4d4-442e-a8de-4425950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fd6-a4d4-442e-a8de-4425950d210f",
"dst_ref": "ipv4-addr--59c28fd6-a4d4-442e-a8de-4425950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fd6-a4d4-442e-a8de-4425950d210f",
"value": "202.169.44.152"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd6-73ec-446f-b8f9-4d2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://conxibit.com/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd6-ef6c-40ed-81df-4e5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'conxibit.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fd8-a7dc-4549-a64e-4461950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fd8-a7dc-4549-a64e-4461950d210f",
"ipv4-addr--59c28fd8-a7dc-4549-a64e-4461950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fd8-a7dc-4549-a64e-4461950d210f",
"dst_ref": "ipv4-addr--59c28fd8-a7dc-4549-a64e-4461950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fd8-a7dc-4549-a64e-4461950d210f",
"value": "175.107.146.17"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd8-6c4c-4811-a395-4ee8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://cxwebdesign.de/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd8-01e8-4676-b4d8-4147950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'cxwebdesign.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fd9-33b0-4265-9005-4016950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fd9-33b0-4265-9005-4016950d210f",
"ipv4-addr--59c28fd9-33b0-4265-9005-4016950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fd9-33b0-4265-9005-4016950d210f",
"dst_ref": "ipv4-addr--59c28fd9-33b0-4265-9005-4016950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fd9-33b0-4265-9005-4016950d210f",
"value": "88.99.175.38"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd9-be7c-4cb1-be22-44b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://diakoniestation-winnenden.de/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd9-7124-4825-8594-79d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'diakoniestation-winnenden.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fd9-ad38-4ab2-8311-43e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fd9-ad38-4ab2-8311-43e5950d210f",
"ipv4-addr--59c28fd9-ad38-4ab2-8311-43e5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fd9-ad38-4ab2-8311-43e5950d210f",
"dst_ref": "ipv4-addr--59c28fd9-ad38-4ab2-8311-43e5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fd9-ad38-4ab2-8311-43e5950d210f",
"value": "213.185.88.41"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fd9-cf9c-4fcb-adb9-4e96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://download.justowin.it/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fda-a638-4d40-b7e3-46fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'download.justowin.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fda-8eb8-43be-b992-4087950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fda-8eb8-43be-b992-4087950d210f",
"ipv4-addr--59c28fda-8eb8-43be-b992-4087950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fda-8eb8-43be-b992-4087950d210f",
"dst_ref": "ipv4-addr--59c28fda-8eb8-43be-b992-4087950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fda-8eb8-43be-b992-4087950d210f",
"value": "95.110.225.147"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fda-ebf4-4157-afbc-472e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://ecofloraholland.nl/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fda-16b8-4c50-9b74-4294950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'ecofloraholland.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fda-c080-4286-b46d-4ea9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fda-c080-4286-b46d-4ea9950d210f",
"ipv4-addr--59c28fda-c080-4286-b46d-4ea9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fda-c080-4286-b46d-4ea9950d210f",
"dst_ref": "ipv4-addr--59c28fda-c080-4286-b46d-4ea9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fda-c080-4286-b46d-4ea9950d210f",
"value": "195.160.216.10"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdb-37a8-47f5-b617-4306950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://felixsolis.mobi/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdb-d628-4a04-8b8f-4ec3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'felixsolis.mobi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fdb-f510-45c5-b667-47d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fdb-f510-45c5-b667-47d8950d210f",
"ipv4-addr--59c28fdb-f510-45c5-b667-47d8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fdb-f510-45c5-b667-47d8950d210f",
"dst_ref": "ipv4-addr--59c28fdb-f510-45c5-b667-47d8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fdb-f510-45c5-b667-47d8950d210f",
"value": "5.2.27.27"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdb-cecc-4077-aa9a-48dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://foodbikers.ch/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdc-4dd8-47cb-8b8e-4096950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'foodbikers.ch']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fdc-ee24-4582-b8d6-41e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fdc-ee24-4582-b8d6-41e4950d210f",
"ipv4-addr--59c28fdc-ee24-4582-b8d6-41e4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fdc-ee24-4582-b8d6-41e4950d210f",
"dst_ref": "ipv4-addr--59c28fdc-ee24-4582-b8d6-41e4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fdc-ee24-4582-b8d6-41e4950d210f",
"value": "83.169.23.101"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdc-4a3c-442f-a1c9-4d9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://g-peer.at/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdc-0a6c-4d38-afb5-4823950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'g-peer.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fdd-9334-4001-b567-400f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fdd-9334-4001-b567-400f950d210f",
"ipv4-addr--59c28fdd-9334-4001-b567-400f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fdd-9334-4001-b567-400f950d210f",
"dst_ref": "ipv4-addr--59c28fdd-9334-4001-b567-400f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fdd-9334-4001-b567-400f950d210f",
"value": "217.172.186.114"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdd-4bcc-4cd8-8828-4bcb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://gui-design.de/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdd-5608-4b60-9b00-79d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'gui-design.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fde-27b4-4b97-816b-4465950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fde-27b4-4b97-816b-4465950d210f",
"ipv4-addr--59c28fde-27b4-4b97-816b-4465950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fde-27b4-4b97-816b-4465950d210f",
"dst_ref": "ipv4-addr--59c28fde-27b4-4b97-816b-4465950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fde-27b4-4b97-816b-4465950d210f",
"value": "92.51.181.237"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fde-e510-434b-b2db-44e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://highpressurewelding.co.uk/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fde-3ba8-4491-ac76-43b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'highpressurewelding.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fde-a200-4fb2-9abf-4c35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fde-a200-4fb2-9abf-4c35950d210f",
"ipv4-addr--59c28fde-a200-4fb2-9abf-4c35950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fde-a200-4fb2-9abf-4c35950d210f",
"dst_ref": "ipv4-addr--59c28fde-a200-4fb2-9abf-4c35950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fde-a200-4fb2-9abf-4c35950d210f",
"value": "91.192.195.51"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdf-db5c-497d-872a-4206950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://housecafe-essen.de/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdf-f044-4445-98a4-4db9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'housecafe-essen.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fdf-766c-4c52-aaa1-482d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fdf-766c-4c52-aaa1-482d950d210f",
"ipv4-addr--59c28fdf-766c-4c52-aaa1-482d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fdf-766c-4c52-aaa1-482d950d210f",
"dst_ref": "ipv4-addr--59c28fdf-766c-4c52-aaa1-482d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fdf-766c-4c52-aaa1-482d950d210f",
"value": "178.77.96.238"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdf-106c-435e-b859-4738950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://isiquest1.com/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fdf-a3fc-4d7a-a25d-47bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[domain-name:value = 'isiquest1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fe0-4f58-45dd-9831-47e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fe0-4f58-45dd-9831-47e3950d210f",
"ipv4-addr--59c28fe0-4f58-45dd-9831-47e3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fe0-4f58-45dd-9831-47e3950d210f",
"dst_ref": "ipv4-addr--59c28fe0-4f58-45dd-9831-47e3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fe0-4f58-45dd-9831-47e3950d210f",
"value": "178.33.107.201"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe0-1dac-430b-9928-43e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"pattern": "[url:value = 'http://secureleads.com/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe0-3b24-4da5-8804-4f60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"pattern": "[domain-name:value = 'secureleads.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fe1-7084-4a60-87c1-4997950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"first_observed": "2017-09-21T12:49:27Z",
"last_observed": "2017-09-21T12:49:27Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fe1-7084-4a60-87c1-4997950d210f",
"ipv4-addr--59c28fe1-7084-4a60-87c1-4997950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fe1-7084-4a60-87c1-4997950d210f",
"dst_ref": "ipv4-addr--59c28fe1-7084-4a60-87c1-4997950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fe1-7084-4a60-87c1-4997950d210f",
"value": "72.32.221.251"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe1-a2e0-4973-9b30-4dff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"pattern": "[url:value = 'http://teracom.co.id/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe1-94e8-462c-8c7a-414b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"pattern": "[domain-name:value = 'teracom.co.id']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fe2-d2d0-48ef-bad8-4170950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"first_observed": "2017-09-21T12:49:27Z",
"last_observed": "2017-09-21T12:49:27Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fe2-d2d0-48ef-bad8-4170950d210f",
"ipv4-addr--59c28fe2-d2d0-48ef-bad8-4170950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fe2-d2d0-48ef-bad8-4170950d210f",
"dst_ref": "ipv4-addr--59c28fe2-d2d0-48ef-bad8-4170950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fe2-d2d0-48ef-bad8-4170950d210f",
"value": "202.169.44.149"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe2-a7ec-4706-8796-4c56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"pattern": "[url:value = 'http://ycgrp.jp/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe2-4760-4551-b578-4ba3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"pattern": "[domain-name:value = 'ycgrp.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"first_observed": "2017-09-21T12:49:27Z",
"last_observed": "2017-09-21T12:49:27Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"ipv4-addr--59c28fe3-e500-4f9a-b3b6-49c8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"dst_ref": "ipv4-addr--59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"value": "180.222.186.87"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe3-bbd0-4544-9e02-4fa7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"pattern": "[url:value = 'http://zionbrand.su/p66/JGHldb03m']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe4-461c-43e1-999a-49e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"pattern": "[domain-name:value = 'zionbrand.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c28fe4-0830-4425-afd3-4341950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:27.000Z",
"modified": "2017-09-21T12:49:27.000Z",
"pattern": "[domain-name:value = 'hrbl.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c3b558-f720-4aee-b3c6-4d9902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"description": "- Cross-checked via VirusTotal: bab4aa0cb4904865dc247c8e78fd0eca",
"pattern": "[file:hashes.SHA256 = '43d61bee5ee1ca77d2339d00b69b3675425714598e2b1c81f5351fb1166ab8ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c3b558-c50c-4248-a6ff-4bdc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"description": "- Cross-checked via VirusTotal: bab4aa0cb4904865dc247c8e78fd0eca",
"pattern": "[file:hashes.SHA1 = '3a2cc64eb0060a0ba7251b723b33441431705d2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-21T12:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c3b558-7b00-4f56-a40b-4c0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-21T12:49:28.000Z",
"modified": "2017-09-21T12:49:28.000Z",
"first_observed": "2017-09-21T12:49:28Z",
"last_observed": "2017-09-21T12:49:28Z",
"number_observed": 1,
"object_refs": [
"url--59c3b558-7b00-4f56-a40b-4c0202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59c3b558-7b00-4f56-a40b-4c0202de0b81",
"value": "https://www.virustotal.com/file/43d61bee5ee1ca77d2339d00b69b3675425714598e2b1c81f5351fb1166ab8ca/analysis/1505860831/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}