adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59d771e1-db74-4d94-97d4-d899950d210f.json

1385 lines
55 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59d771e1-db74-4d94-97d4-d899950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:16:42.000Z",
"modified": "2017-10-15T16:16:42.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59d771e1-db74-4d94-97d4-d899950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:16:42.000Z",
"modified": "2017-10-15T16:16:42.000Z",
"name": "M2M - Locky 2017-10-06 : Affid=3, offline, \".ykcol\" : \"Your Remittance Advice\" - \"12345 Remittance.7z\"",
"published": "2017-10-15T16:16:50Z",
"object_refs": [
"indicator--59d771e2-86b0-4e39-9223-d7f0950d210f",
"indicator--59d771e2-9a2c-4da9-90b2-4114950d210f",
"indicator--59d771e2-30c4-417c-8e73-d88e950d210f",
"observed-data--59d771e3-4124-4215-9acc-d4aa950d210f",
"network-traffic--59d771e3-4124-4215-9acc-d4aa950d210f",
"ipv4-addr--59d771e3-4124-4215-9acc-d4aa950d210f",
"indicator--59d771e3-a948-416c-b5e5-839d950d210f",
"indicator--59d771e3-f0bc-40b3-865e-d50f950d210f",
"observed-data--59d771e3-127c-4cec-858d-d89a950d210f",
"network-traffic--59d771e3-127c-4cec-858d-d89a950d210f",
"ipv4-addr--59d771e3-127c-4cec-858d-d89a950d210f",
"indicator--59d771e4-f8f8-4c27-a85c-d87d950d210f",
"indicator--59d771e4-49f0-46fe-af3e-80c4950d210f",
"observed-data--59d771e4-c740-4e4c-b22e-4114950d210f",
"network-traffic--59d771e4-c740-4e4c-b22e-4114950d210f",
"ipv4-addr--59d771e4-c740-4e4c-b22e-4114950d210f",
"indicator--59d771e4-8f0c-4195-8b7f-d50d950d210f",
"indicator--59d771e5-e454-4bfb-a46b-d899950d210f",
"observed-data--59d771e5-a6d0-4c16-805b-d898950d210f",
"network-traffic--59d771e5-a6d0-4c16-805b-d898950d210f",
"ipv4-addr--59d771e5-a6d0-4c16-805b-d898950d210f",
"indicator--59d771e5-7fb4-4818-8410-d834950d210f",
"indicator--59d771e5-4e2c-4657-9519-d7f0950d210f",
"observed-data--59d771e6-0ea0-4dbe-92cd-d88e950d210f",
"network-traffic--59d771e6-0ea0-4dbe-92cd-d88e950d210f",
"ipv4-addr--59d771e6-0ea0-4dbe-92cd-d88e950d210f",
"indicator--59d771e6-1ca0-4303-b897-839d950d210f",
"indicator--59d771e6-a184-4efa-aa71-d89a950d210f",
"observed-data--59d771e6-dc58-4465-93f4-d87d950d210f",
"network-traffic--59d771e6-dc58-4465-93f4-d87d950d210f",
"ipv4-addr--59d771e6-dc58-4465-93f4-d87d950d210f",
"indicator--59d771e6-fdd8-4b22-8c94-80c4950d210f",
"indicator--59d771e6-2db0-4a2b-94e3-4bfc950d210f",
"observed-data--59d771e7-713c-4b2c-93d1-d50d950d210f",
"network-traffic--59d771e7-713c-4b2c-93d1-d50d950d210f",
"ipv4-addr--59d771e7-713c-4b2c-93d1-d50d950d210f",
"indicator--59d771e7-684c-4387-bf52-d899950d210f",
"indicator--59d771e7-e100-4ff8-94d2-83f8950d210f",
"observed-data--59d771e7-c594-4e5b-a458-409b950d210f",
"network-traffic--59d771e7-c594-4e5b-a458-409b950d210f",
"ipv4-addr--59d771e7-c594-4e5b-a458-409b950d210f",
"indicator--59d771e8-66d4-4bf4-be02-d898950d210f",
"indicator--59d771e8-a258-4a28-98ea-d88d950d210f",
"observed-data--59d771e8-34f4-4c84-85b5-d834950d210f",
"network-traffic--59d771e8-34f4-4c84-85b5-d834950d210f",
"ipv4-addr--59d771e8-34f4-4c84-85b5-d834950d210f",
"indicator--59d771e8-68d4-4ea3-aa7b-d7f0950d210f",
"indicator--59d771e9-d250-4500-b122-439f950d210f",
"observed-data--59d771e9-b36c-4859-a6fa-d88e950d210f",
"network-traffic--59d771e9-b36c-4859-a6fa-d88e950d210f",
"ipv4-addr--59d771e9-b36c-4859-a6fa-d88e950d210f",
"indicator--59d771e9-2228-493b-a364-d4aa950d210f",
"indicator--59d771e9-368c-494b-a470-839d950d210f",
"observed-data--59d771e9-b170-44ec-9068-d89a950d210f",
"network-traffic--59d771e9-b170-44ec-9068-d89a950d210f",
"ipv4-addr--59d771e9-b170-44ec-9068-d89a950d210f",
"indicator--59d771ea-67ac-4c38-897d-d87d950d210f",
"indicator--59d771ea-f064-42ad-b5d2-80c4950d210f",
"observed-data--59d771ea-fe70-4293-8dba-44d4950d210f",
"network-traffic--59d771ea-fe70-4293-8dba-44d4950d210f",
"ipv4-addr--59d771ea-fe70-4293-8dba-44d4950d210f",
"indicator--59d771ea-cc20-48bf-bbc0-d50d950d210f",
"indicator--59d771eb-5d30-4dbd-a67c-d899950d210f",
"observed-data--59d771eb-cc3c-48b3-90d7-83f8950d210f",
"network-traffic--59d771eb-cc3c-48b3-90d7-83f8950d210f",
"ipv4-addr--59d771eb-cc3c-48b3-90d7-83f8950d210f",
"indicator--59d771eb-3dd0-47be-8d35-d898950d210f",
"indicator--59d771eb-e51c-4c89-bb0f-d88d950d210f",
"observed-data--59d771ec-0be4-4da0-acfd-d7f0950d210f",
"network-traffic--59d771ec-0be4-4da0-acfd-d7f0950d210f",
"ipv4-addr--59d771ec-0be4-4da0-acfd-d7f0950d210f",
"indicator--59d771ec-b954-4f76-a9a1-4d96950d210f",
"indicator--59d771ec-3934-482f-9d0f-d88e950d210f",
"indicator--59e389a9-a2a4-48d1-bc89-85eb02de0b81",
"indicator--59e389a9-b248-4a68-a78b-85eb02de0b81",
"observed-data--59e389a9-629c-414d-a5a3-85eb02de0b81",
"url--59e389a9-629c-414d-a5a3-85eb02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e2-86b0-4e39-9223-d7f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[file:hashes.MD5 = '9979bd6521e1fbd4dcd2ff58da4c84ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e2-9a2c-4da9-90b2-4114950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://2-wave.com/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e2-30c4-417c-8e73-d88e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = '2-wave.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e3-4124-4215-9acc-d4aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e3-4124-4215-9acc-d4aa950d210f",
"ipv4-addr--59d771e3-4124-4215-9acc-d4aa950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e3-4124-4215-9acc-d4aa950d210f",
"dst_ref": "ipv4-addr--59d771e3-4124-4215-9acc-d4aa950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e3-4124-4215-9acc-d4aa950d210f",
"value": "209.54.62.81"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e3-a948-416c-b5e5-839d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://3e.com.pt/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e3-f0bc-40b3-865e-d50f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = '3e.com.pt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e3-127c-4cec-858d-d89a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e3-127c-4cec-858d-d89a950d210f",
"ipv4-addr--59d771e3-127c-4cec-858d-d89a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e3-127c-4cec-858d-d89a950d210f",
"dst_ref": "ipv4-addr--59d771e3-127c-4cec-858d-d89a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e3-127c-4cec-858d-d89a950d210f",
"value": "174.141.224.179"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e4-f8f8-4c27-a85c-d87d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://9ninewright.net/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e4-49f0-46fe-af3e-80c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = '9ninewright.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e4-c740-4e4c-b22e-4114950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e4-c740-4e4c-b22e-4114950d210f",
"ipv4-addr--59d771e4-c740-4e4c-b22e-4114950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e4-c740-4e4c-b22e-4114950d210f",
"dst_ref": "ipv4-addr--59d771e4-c740-4e4c-b22e-4114950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e4-c740-4e4c-b22e-4114950d210f",
"value": "98.124.251.65"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e4-8f0c-4195-8b7f-d50d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://agricom.it/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e5-e454-4bfb-a46b-d899950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'agricom.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e5-a6d0-4c16-805b-d898950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e5-a6d0-4c16-805b-d898950d210f",
"ipv4-addr--59d771e5-a6d0-4c16-805b-d898950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e5-a6d0-4c16-805b-d898950d210f",
"dst_ref": "ipv4-addr--59d771e5-a6d0-4c16-805b-d898950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e5-a6d0-4c16-805b-d898950d210f",
"value": "195.225.168.230"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e5-7fb4-4818-8410-d834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://agriturismo-1001ulivo.it/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e5-4e2c-4657-9519-d7f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'agriturismo-1001ulivo.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e6-0ea0-4dbe-92cd-d88e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e6-0ea0-4dbe-92cd-d88e950d210f",
"ipv4-addr--59d771e6-0ea0-4dbe-92cd-d88e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e6-0ea0-4dbe-92cd-d88e950d210f",
"dst_ref": "ipv4-addr--59d771e6-0ea0-4dbe-92cd-d88e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e6-0ea0-4dbe-92cd-d88e950d210f",
"value": "85.235.131.27"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e6-1ca0-4303-b897-839d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://agriturismobellaria.net/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e6-a184-4efa-aa71-d89a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'agriturismobellaria.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e6-dc58-4465-93f4-d87d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e6-dc58-4465-93f4-d87d950d210f",
"ipv4-addr--59d771e6-dc58-4465-93f4-d87d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e6-dc58-4465-93f4-d87d950d210f",
"dst_ref": "ipv4-addr--59d771e6-dc58-4465-93f4-d87d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e6-dc58-4465-93f4-d87d950d210f",
"value": "80.88.87.95"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e6-fdd8-4b22-8c94-80c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://a-host.co.uk/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e6-2db0-4a2b-94e3-4bfc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'a-host.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e7-713c-4b2c-93d1-d50d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e7-713c-4b2c-93d1-d50d950d210f",
"ipv4-addr--59d771e7-713c-4b2c-93d1-d50d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e7-713c-4b2c-93d1-d50d950d210f",
"dst_ref": "ipv4-addr--59d771e7-713c-4b2c-93d1-d50d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e7-713c-4b2c-93d1-d50d950d210f",
"value": "213.165.85.53"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e7-684c-4387-bf52-d899950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://alexandre-azaria.com/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e7-e100-4ff8-94d2-83f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'alexandre-azaria.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e7-c594-4e5b-a458-409b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e7-c594-4e5b-a458-409b950d210f",
"ipv4-addr--59d771e7-c594-4e5b-a458-409b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e7-c594-4e5b-a458-409b950d210f",
"dst_ref": "ipv4-addr--59d771e7-c594-4e5b-a458-409b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e7-c594-4e5b-a458-409b950d210f",
"value": "195.154.231.6"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e8-66d4-4bf4-be02-d898950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://allesandradesigns.com/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e8-a258-4a28-98ea-d88d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'allesandradesigns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e8-34f4-4c84-85b5-d834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e8-34f4-4c84-85b5-d834950d210f",
"ipv4-addr--59d771e8-34f4-4c84-85b5-d834950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e8-34f4-4c84-85b5-d834950d210f",
"dst_ref": "ipv4-addr--59d771e8-34f4-4c84-85b5-d834950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e8-34f4-4c84-85b5-d834950d210f",
"value": "173.203.199.105"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e8-68d4-4ea3-aa7b-d7f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://andresarlemijn.nl/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e9-d250-4500-b122-439f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'andresarlemijn.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e9-b36c-4859-a6fa-d88e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e9-b36c-4859-a6fa-d88e950d210f",
"ipv4-addr--59d771e9-b36c-4859-a6fa-d88e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e9-b36c-4859-a6fa-d88e950d210f",
"dst_ref": "ipv4-addr--59d771e9-b36c-4859-a6fa-d88e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e9-b36c-4859-a6fa-d88e950d210f",
"value": "195.60.215.74"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e9-2228-493b-a364-d4aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://appartement-sailer.at/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771e9-368c-494b-a470-839d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'appartement-sailer.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771e9-b170-44ec-9068-d89a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771e9-b170-44ec-9068-d89a950d210f",
"ipv4-addr--59d771e9-b170-44ec-9068-d89a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771e9-b170-44ec-9068-d89a950d210f",
"dst_ref": "ipv4-addr--59d771e9-b170-44ec-9068-d89a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771e9-b170-44ec-9068-d89a950d210f",
"value": "83.175.70.7"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771ea-67ac-4c38-897d-d87d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://asheardontheradiogreens.com/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771ea-f064-42ad-b5d2-80c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'asheardontheradiogreens.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771ea-fe70-4293-8dba-44d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771ea-fe70-4293-8dba-44d4950d210f",
"ipv4-addr--59d771ea-fe70-4293-8dba-44d4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771ea-fe70-4293-8dba-44d4950d210f",
"dst_ref": "ipv4-addr--59d771ea-fe70-4293-8dba-44d4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771ea-fe70-4293-8dba-44d4950d210f",
"value": "199.30.241.139"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771ea-cc20-48bf-bbc0-d50d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://felixsolis.mobi/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771eb-5d30-4dbd-a67c-d899950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'felixsolis.mobi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771eb-cc3c-48b3-90d7-83f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771eb-cc3c-48b3-90d7-83f8950d210f",
"ipv4-addr--59d771eb-cc3c-48b3-90d7-83f8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771eb-cc3c-48b3-90d7-83f8950d210f",
"dst_ref": "ipv4-addr--59d771eb-cc3c-48b3-90d7-83f8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771eb-cc3c-48b3-90d7-83f8950d210f",
"value": "5.2.27.27"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771eb-3dd0-47be-8d35-d898950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://PamelaSparrowChilds.com/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771eb-e51c-4c89-bb0f-d88d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'pamelasparrowchilds.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59d771ec-0be4-4da0-acfd-d7f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59d771ec-0be4-4da0-acfd-d7f0950d210f",
"ipv4-addr--59d771ec-0be4-4da0-acfd-d7f0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59d771ec-0be4-4da0-acfd-d7f0950d210f",
"dst_ref": "ipv4-addr--59d771ec-0be4-4da0-acfd-d7f0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59d771ec-0be4-4da0-acfd-d7f0950d210f",
"value": "23.229.153.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771ec-b954-4f76-a9a1-4d96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[url:value = 'http://thedarkpvp.net/p66/uywtfgh36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59d771ec-3934-482f-9d0f-d88e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"pattern": "[domain-name:value = 'thedarkpvp.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59e389a9-a2a4-48d1-bc89-85eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"description": "- Xchecked via VT: 9979bd6521e1fbd4dcd2ff58da4c84ba",
"pattern": "[file:hashes.SHA256 = '716f616221f5e45a9e45edb013ab59fdf27c000e0e6dcb77267c37f09ad75589']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59e389a9-b248-4a68-a78b-85eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"description": "- Xchecked via VT: 9979bd6521e1fbd4dcd2ff58da4c84ba",
"pattern": "[file:hashes.SHA1 = 'dfd1633be76a92e1d8b3e43e91d8c1a959d2c8d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-15T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59e389a9-629c-414d-a5a3-85eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-15T16:15:37.000Z",
"modified": "2017-10-15T16:15:37.000Z",
"first_observed": "2017-10-15T16:15:37Z",
"last_observed": "2017-10-15T16:15:37Z",
"number_observed": 1,
"object_refs": [
"url--59e389a9-629c-414d-a5a3-85eb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59e389a9-629c-414d-a5a3-85eb02de0b81",
"value": "https://www.virustotal.com/file/716f616221f5e45a9e45edb013ab59fdf27c000e0e6dcb77267c37f09ad75589/analysis/1507945517/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink