misp-circl-feed/feeds/circl/stix-2.1/59ddbb11-bf70-497d-8f9f-096f950d210f.json

2949 lines
118 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59ddbb11-bf70-497d-8f9f-096f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:22.000Z",
"modified": "2017-10-12T17:31:22.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59ddbb11-bf70-497d-8f9f-096f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:22.000Z",
"modified": "2017-10-12T17:31:22.000Z",
"name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-05 : \"Invoice INV0000123\" - \"Invoice INV0000123.7z\"",
"published": "2017-10-12T17:36:44Z",
"object_refs": [
"indicator--59ddbb12-8b68-43b7-8cdc-472e950d210f",
"indicator--59ddbb12-20d8-4046-ac94-4ea7950d210f",
"indicator--59ddbb12-31e4-45cb-a1c4-42da950d210f",
"indicator--59ddbb12-7eac-42e7-b370-4a2a950d210f",
"observed-data--59ddbb12-2bc4-4fd4-8a21-096f950d210f",
"network-traffic--59ddbb12-2bc4-4fd4-8a21-096f950d210f",
"ipv4-addr--59ddbb12-2bc4-4fd4-8a21-096f950d210f",
"indicator--59ddbb13-e6c4-4dda-8d3e-61c1950d210f",
"indicator--59ddbb13-d094-4618-8168-4301950d210f",
"observed-data--59ddbb13-691c-44db-a6c2-4b94950d210f",
"network-traffic--59ddbb13-691c-44db-a6c2-4b94950d210f",
"ipv4-addr--59ddbb13-691c-44db-a6c2-4b94950d210f",
"indicator--59ddbb13-28c4-44f1-a8ea-4373950d210f",
"indicator--59ddbb14-ba14-44fe-a5ef-48ba950d210f",
"observed-data--59ddbb14-6760-4c4b-9b9f-47b4950d210f",
"network-traffic--59ddbb14-6760-4c4b-9b9f-47b4950d210f",
"ipv4-addr--59ddbb14-6760-4c4b-9b9f-47b4950d210f",
"indicator--59ddbb14-ff5c-480c-af73-46fb950d210f",
"indicator--59ddbb14-bfb0-4d4c-923f-6211950d210f",
"observed-data--59ddbb15-2384-49c8-bcd2-096f950d210f",
"network-traffic--59ddbb15-2384-49c8-bcd2-096f950d210f",
"ipv4-addr--59ddbb15-2384-49c8-bcd2-096f950d210f",
"indicator--59ddbb15-e084-4e3d-90d7-46c2950d210f",
"indicator--59ddbb15-20cc-45f4-bb74-43e7950d210f",
"indicator--59ddbb30-f250-4d32-896f-31f8950d210f",
"indicator--59ddbb30-847c-49ec-8898-6211950d210f",
"observed-data--59ddbb30-5f64-464c-a30c-435e950d210f",
"network-traffic--59ddbb30-5f64-464c-a30c-435e950d210f",
"ipv4-addr--59ddbb30-5f64-464c-a30c-435e950d210f",
"indicator--59ddbb30-d9f4-4f7a-b6c5-40ac950d210f",
"indicator--59ddbb31-c598-49a2-9ad3-4e98950d210f",
"observed-data--59ddbb31-4ee4-42b4-b346-4714950d210f",
"network-traffic--59ddbb31-4ee4-42b4-b346-4714950d210f",
"ipv4-addr--59ddbb31-4ee4-42b4-b346-4714950d210f",
"indicator--59ddbb31-64ac-4d16-a751-4f67950d210f",
"indicator--59ddbb31-ee84-4191-b599-4308950d210f",
"observed-data--59ddbb31-e680-4866-8875-b4e9950d210f",
"network-traffic--59ddbb31-e680-4866-8875-b4e9950d210f",
"ipv4-addr--59ddbb31-e680-4866-8875-b4e9950d210f",
"indicator--59ddbb31-0ec8-4e97-bfa5-4d2e950d210f",
"indicator--59ddbb32-4020-45b5-a717-4907950d210f",
"observed-data--59ddbb32-b724-43ec-940f-31f8950d210f",
"network-traffic--59ddbb32-b724-43ec-940f-31f8950d210f",
"ipv4-addr--59ddbb32-b724-43ec-940f-31f8950d210f",
"indicator--59ddbb32-d9e0-4369-9c2b-445c950d210f",
"indicator--59ddbb32-630c-440c-9ed8-4655950d210f",
"observed-data--59ddbb32-27d8-4819-ad13-4857950d210f",
"network-traffic--59ddbb32-27d8-4819-ad13-4857950d210f",
"ipv4-addr--59ddbb32-27d8-4819-ad13-4857950d210f",
"indicator--59ddbb32-cef8-4fef-b63d-43a7950d210f",
"indicator--59ddbb33-2b24-4b89-9efe-096f950d210f",
"observed-data--59ddbb33-4fc8-4fe7-a93b-4405950d210f",
"network-traffic--59ddbb33-4fc8-4fe7-a93b-4405950d210f",
"ipv4-addr--59ddbb33-4fc8-4fe7-a93b-4405950d210f",
"indicator--59ddbb33-eee0-4c96-9bed-41fc950d210f",
"indicator--59ddbb33-984c-47dc-aa36-61c1950d210f",
"observed-data--59ddbb33-1200-4306-ae88-4997950d210f",
"network-traffic--59ddbb33-1200-4306-ae88-4997950d210f",
"ipv4-addr--59ddbb33-1200-4306-ae88-4997950d210f",
"indicator--59ddbb34-03b4-4f20-8951-4318950d210f",
"indicator--59ddbb34-935c-4aec-8a26-439c950d210f",
"observed-data--59ddbb34-6a60-449b-b066-31f8950d210f",
"network-traffic--59ddbb34-6a60-449b-b066-31f8950d210f",
"ipv4-addr--59ddbb34-6a60-449b-b066-31f8950d210f",
"indicator--59ddbb34-11b0-4129-82e5-6211950d210f",
"indicator--59ddbb34-62f8-4224-9f5a-49cf950d210f",
"observed-data--59ddbb34-7bac-4a31-a219-4ef3950d210f",
"network-traffic--59ddbb34-7bac-4a31-a219-4ef3950d210f",
"ipv4-addr--59ddbb34-7bac-4a31-a219-4ef3950d210f",
"indicator--59ddbb35-3b08-4f34-b609-096f950d210f",
"indicator--59ddbb35-12e0-4d65-96ad-47b2950d210f",
"observed-data--59ddbb35-ab34-49be-96b1-43c2950d210f",
"network-traffic--59ddbb35-ab34-49be-96b1-43c2950d210f",
"ipv4-addr--59ddbb35-ab34-49be-96b1-43c2950d210f",
"indicator--59ddbb35-3678-4467-91ee-4ee2950d210f",
"indicator--59ddbb35-a03c-4569-94b1-b4e9950d210f",
"observed-data--59ddbb36-104c-4041-b60c-4d65950d210f",
"network-traffic--59ddbb36-104c-4041-b60c-4d65950d210f",
"ipv4-addr--59ddbb36-104c-4041-b60c-4d65950d210f",
"indicator--59ddbb36-88a0-45b8-be57-4289950d210f",
"indicator--59ddbb36-564c-4c81-8841-4c72950d210f",
"observed-data--59ddbb36-7828-4c75-a1c0-41d8950d210f",
"network-traffic--59ddbb36-7828-4c75-a1c0-41d8950d210f",
"ipv4-addr--59ddbb36-7828-4c75-a1c0-41d8950d210f",
"indicator--59ddbb36-1ee4-45c7-b7d3-4361950d210f",
"indicator--59ddbb36-1690-4679-ac0e-446a950d210f",
"observed-data--59ddbb37-2898-424d-8b96-096f950d210f",
"network-traffic--59ddbb37-2898-424d-8b96-096f950d210f",
"ipv4-addr--59ddbb37-2898-424d-8b96-096f950d210f",
"indicator--59ddbb37-106c-4437-beef-4b6d950d210f",
"observed-data--59ddbb55-2fb0-46a2-9f49-43c8950d210f",
"network-traffic--59ddbb55-2fb0-46a2-9f49-43c8950d210f",
"ipv4-addr--59ddbb55-2fb0-46a2-9f49-43c8950d210f",
"observed-data--59ddbb55-9c2c-4629-8ac0-4afb950d210f",
"network-traffic--59ddbb55-9c2c-4629-8ac0-4afb950d210f",
"ipv4-addr--59ddbb55-9c2c-4629-8ac0-4afb950d210f",
"observed-data--59ddbb56-f3ec-479e-8483-4c73950d210f",
"network-traffic--59ddbb56-f3ec-479e-8483-4c73950d210f",
"ipv4-addr--59ddbb56-f3ec-479e-8483-4c73950d210f",
"observed-data--59ddbb56-ab94-40a8-a610-4a71950d210f",
"network-traffic--59ddbb56-ab94-40a8-a610-4a71950d210f",
"ipv4-addr--59ddbb56-ab94-40a8-a610-4a71950d210f",
"observed-data--59ddbb56-d24c-4f04-bf6b-b4e9950d210f",
"network-traffic--59ddbb56-d24c-4f04-bf6b-b4e9950d210f",
"ipv4-addr--59ddbb56-d24c-4f04-bf6b-b4e9950d210f",
"observed-data--59ddbb57-e908-4aac-a66d-4637950d210f",
"network-traffic--59ddbb57-e908-4aac-a66d-4637950d210f",
"ipv4-addr--59ddbb57-e908-4aac-a66d-4637950d210f",
"observed-data--59ddbb57-e29c-42df-8614-4df9950d210f",
"network-traffic--59ddbb57-e29c-42df-8614-4df9950d210f",
"ipv4-addr--59ddbb57-e29c-42df-8614-4df9950d210f",
"observed-data--59ddbb57-1c00-484b-b662-31f8950d210f",
"network-traffic--59ddbb57-1c00-484b-b662-31f8950d210f",
"ipv4-addr--59ddbb57-1c00-484b-b662-31f8950d210f",
"observed-data--59ddbb57-319c-4c1b-a66c-6211950d210f",
"network-traffic--59ddbb57-319c-4c1b-a66c-6211950d210f",
"ipv4-addr--59ddbb57-319c-4c1b-a66c-6211950d210f",
"observed-data--59ddbb58-daec-4909-8b04-4757950d210f",
"network-traffic--59ddbb58-daec-4909-8b04-4757950d210f",
"ipv4-addr--59ddbb58-daec-4909-8b04-4757950d210f",
"observed-data--59ddbb58-4d20-4652-912a-4c51950d210f",
"network-traffic--59ddbb58-4d20-4652-912a-4c51950d210f",
"ipv4-addr--59ddbb58-4d20-4652-912a-4c51950d210f",
"observed-data--59ddbb58-0ac0-4156-90d1-47ee950d210f",
"network-traffic--59ddbb58-0ac0-4156-90d1-47ee950d210f",
"ipv4-addr--59ddbb58-0ac0-4156-90d1-47ee950d210f",
"observed-data--59ddbb58-9090-445e-9ab2-4388950d210f",
"network-traffic--59ddbb58-9090-445e-9ab2-4388950d210f",
"ipv4-addr--59ddbb58-9090-445e-9ab2-4388950d210f",
"observed-data--59ddbb59-20e0-497a-bff7-46d5950d210f",
"network-traffic--59ddbb59-20e0-497a-bff7-46d5950d210f",
"ipv4-addr--59ddbb59-20e0-497a-bff7-46d5950d210f",
"observed-data--59ddbb59-c9f8-465c-9b6b-61c1950d210f",
"network-traffic--59ddbb59-c9f8-465c-9b6b-61c1950d210f",
"ipv4-addr--59ddbb59-c9f8-465c-9b6b-61c1950d210f",
"observed-data--59ddbb59-7d70-4f63-b210-474e950d210f",
"network-traffic--59ddbb59-7d70-4f63-b210-474e950d210f",
"ipv4-addr--59ddbb59-7d70-4f63-b210-474e950d210f",
"observed-data--59ddbb5a-e7f8-490d-88b8-4c33950d210f",
"network-traffic--59ddbb5a-e7f8-490d-88b8-4c33950d210f",
"ipv4-addr--59ddbb5a-e7f8-490d-88b8-4c33950d210f",
"observed-data--59ddbb5a-cf38-4a69-974a-31f8950d210f",
"network-traffic--59ddbb5a-cf38-4a69-974a-31f8950d210f",
"ipv4-addr--59ddbb5a-cf38-4a69-974a-31f8950d210f",
"observed-data--59ddbb5a-0350-4b6f-b415-4723950d210f",
"network-traffic--59ddbb5a-0350-4b6f-b415-4723950d210f",
"ipv4-addr--59ddbb5a-0350-4b6f-b415-4723950d210f",
"observed-data--59ddbb5a-6ec8-42cb-98f6-4528950d210f",
"network-traffic--59ddbb5a-6ec8-42cb-98f6-4528950d210f",
"ipv4-addr--59ddbb5a-6ec8-42cb-98f6-4528950d210f",
"observed-data--59ddbb5b-ef38-4633-ba93-447f950d210f",
"network-traffic--59ddbb5b-ef38-4633-ba93-447f950d210f",
"ipv4-addr--59ddbb5b-ef38-4633-ba93-447f950d210f",
"observed-data--59ddbb5b-da70-4c58-ae80-4d5b950d210f",
"network-traffic--59ddbb5b-da70-4c58-ae80-4d5b950d210f",
"ipv4-addr--59ddbb5b-da70-4c58-ae80-4d5b950d210f",
"observed-data--59ddbb5b-2694-4f57-97ac-4b4c950d210f",
"network-traffic--59ddbb5b-2694-4f57-97ac-4b4c950d210f",
"ipv4-addr--59ddbb5b-2694-4f57-97ac-4b4c950d210f",
"observed-data--59ddbb5b-e7f8-412f-a141-4917950d210f",
"network-traffic--59ddbb5b-e7f8-412f-a141-4917950d210f",
"ipv4-addr--59ddbb5b-e7f8-412f-a141-4917950d210f",
"observed-data--59ddbb5c-8ec4-41a1-af46-61c1950d210f",
"network-traffic--59ddbb5c-8ec4-41a1-af46-61c1950d210f",
"ipv4-addr--59ddbb5c-8ec4-41a1-af46-61c1950d210f",
"observed-data--59ddbb5c-3c2c-4a85-b43c-4632950d210f",
"network-traffic--59ddbb5c-3c2c-4a85-b43c-4632950d210f",
"ipv4-addr--59ddbb5c-3c2c-4a85-b43c-4632950d210f",
"observed-data--59ddbb5c-2b5c-45f2-83d6-4a73950d210f",
"network-traffic--59ddbb5c-2b5c-45f2-83d6-4a73950d210f",
"ipv4-addr--59ddbb5c-2b5c-45f2-83d6-4a73950d210f",
"observed-data--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f",
"network-traffic--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f",
"ipv4-addr--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f",
"observed-data--59ddbb5c-7964-4600-9a11-4ebb950d210f",
"network-traffic--59ddbb5c-7964-4600-9a11-4ebb950d210f",
"ipv4-addr--59ddbb5c-7964-4600-9a11-4ebb950d210f",
"observed-data--59ddbb5d-2f54-4c05-9b10-45bf950d210f",
"network-traffic--59ddbb5d-2f54-4c05-9b10-45bf950d210f",
"ipv4-addr--59ddbb5d-2f54-4c05-9b10-45bf950d210f",
"observed-data--59ddbb5d-167c-4da3-8bc7-4c5d950d210f",
"network-traffic--59ddbb5d-167c-4da3-8bc7-4c5d950d210f",
"ipv4-addr--59ddbb5d-167c-4da3-8bc7-4c5d950d210f",
"observed-data--59ddbb5e-ea60-4971-84f3-4540950d210f",
"network-traffic--59ddbb5e-ea60-4971-84f3-4540950d210f",
"ipv4-addr--59ddbb5e-ea60-4971-84f3-4540950d210f",
"indicator--59dfa6e9-262c-4e99-bfb7-419002de0b81",
"indicator--59dfa6e9-b6f8-4b70-9c45-49a902de0b81",
"observed-data--59dfa6e9-d474-4987-8303-464302de0b81",
"url--59dfa6e9-d474-4987-8303-464302de0b81",
"indicator--59dfa6e9-d890-4742-bfce-43d602de0b81",
"indicator--59dfa6ea-2968-4e50-8b98-419702de0b81",
"observed-data--59dfa6ea-7018-45bd-9ee4-419f02de0b81",
"url--59dfa6ea-7018-45bd-9ee4-419f02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\"",
"misp-galaxy:tool=\"Trick Bot\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb12-8b68-43b7-8cdc-472e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[file:hashes.MD5 = '1934bc240ae9e8e101490a9dab13c079']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb12-20d8-4046-ac94-4ea7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[file:hashes.MD5 = '5216bf5213f2f94e756ce464d34c740c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb12-31e4-45cb-a1c4-42da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://mtblanc-let.co.uk/nui76tg7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb12-7eac-42e7-b370-4a2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'mtblanc-let.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb12-2bc4-4fd4-8a21-096f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb12-2bc4-4fd4-8a21-096f950d210f",
"ipv4-addr--59ddbb12-2bc4-4fd4-8a21-096f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb12-2bc4-4fd4-8a21-096f950d210f",
"dst_ref": "ipv4-addr--59ddbb12-2bc4-4fd4-8a21-096f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb12-2bc4-4fd4-8a21-096f950d210f",
"value": "217.199.175.27"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb13-e6c4-4dda-8d3e-61c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://qxr33qxr.com/nui76tg7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb13-d094-4618-8168-4301950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'qxr33qxr.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb13-691c-44db-a6c2-4b94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb13-691c-44db-a6c2-4b94950d210f",
"ipv4-addr--59ddbb13-691c-44db-a6c2-4b94950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb13-691c-44db-a6c2-4b94950d210f",
"dst_ref": "ipv4-addr--59ddbb13-691c-44db-a6c2-4b94950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb13-691c-44db-a6c2-4b94950d210f",
"value": "67.210.102.240"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb13-28c4-44f1-a8ea-4373950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://smi-wi.com/nui76tg7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb14-ba14-44fe-a5ef-48ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'smi-wi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb14-6760-4c4b-9b9f-47b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb14-6760-4c4b-9b9f-47b4950d210f",
"ipv4-addr--59ddbb14-6760-4c4b-9b9f-47b4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb14-6760-4c4b-9b9f-47b4950d210f",
"dst_ref": "ipv4-addr--59ddbb14-6760-4c4b-9b9f-47b4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb14-6760-4c4b-9b9f-47b4950d210f",
"value": "72.52.195.204"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb14-ff5c-480c-af73-46fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://yamanashi-jyujin.jp/nui76tg7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb14-bfb0-4d4c-923f-6211950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'yamanashi-jyujin.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb15-2384-49c8-bcd2-096f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb15-2384-49c8-bcd2-096f950d210f",
"ipv4-addr--59ddbb15-2384-49c8-bcd2-096f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb15-2384-49c8-bcd2-096f950d210f",
"dst_ref": "ipv4-addr--59ddbb15-2384-49c8-bcd2-096f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb15-2384-49c8-bcd2-096f950d210f",
"value": "180.222.185.74"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb15-e084-4e3d-90d7-46c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://nsaflow.info/p66/nui76tg7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb15-20cc-45f4-bb74-43e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'nsaflow.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb30-f250-4d32-896f-31f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://alucmuhendislik.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb30-847c-49ec-8898-6211950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'alucmuhendislik.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb30-5f64-464c-a30c-435e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb30-5f64-464c-a30c-435e950d210f",
"ipv4-addr--59ddbb30-5f64-464c-a30c-435e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb30-5f64-464c-a30c-435e950d210f",
"dst_ref": "ipv4-addr--59ddbb30-5f64-464c-a30c-435e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb30-5f64-464c-a30c-435e950d210f",
"value": "185.85.205.9"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb30-d9f4-4f7a-b6c5-40ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://bit-chasers.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb31-c598-49a2-9ad3-4e98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'bit-chasers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb31-4ee4-42b4-b346-4714950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb31-4ee4-42b4-b346-4714950d210f",
"ipv4-addr--59ddbb31-4ee4-42b4-b346-4714950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb31-4ee4-42b4-b346-4714950d210f",
"dst_ref": "ipv4-addr--59ddbb31-4ee4-42b4-b346-4714950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb31-4ee4-42b4-b346-4714950d210f",
"value": "98.124.251.176"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb31-64ac-4d16-a751-4f67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://bjp.co.id/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb31-ee84-4191-b599-4308950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'bjp.co.id']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb31-e680-4866-8875-b4e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb31-e680-4866-8875-b4e9950d210f",
"ipv4-addr--59ddbb31-e680-4866-8875-b4e9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb31-e680-4866-8875-b4e9950d210f",
"dst_ref": "ipv4-addr--59ddbb31-e680-4866-8875-b4e9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb31-e680-4866-8875-b4e9950d210f",
"value": "202.169.44.167"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb31-0ec8-4e97-bfa5-4d2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://centurythis.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb32-4020-45b5-a717-4907950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'centurythis.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb32-b724-43ec-940f-31f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb32-b724-43ec-940f-31f8950d210f",
"ipv4-addr--59ddbb32-b724-43ec-940f-31f8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb32-b724-43ec-940f-31f8950d210f",
"dst_ref": "ipv4-addr--59ddbb32-b724-43ec-940f-31f8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb32-b724-43ec-940f-31f8950d210f",
"value": "98.124.252.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb32-d9e0-4369-9c2b-445c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://estudiperceptiva.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb32-630c-440c-9ed8-4655950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'estudiperceptiva.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb32-27d8-4819-ad13-4857950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb32-27d8-4819-ad13-4857950d210f",
"ipv4-addr--59ddbb32-27d8-4819-ad13-4857950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb32-27d8-4819-ad13-4857950d210f",
"dst_ref": "ipv4-addr--59ddbb32-27d8-4819-ad13-4857950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb32-27d8-4819-ad13-4857950d210f",
"value": "86.109.170.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb32-cef8-4fef-b63d-43a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://handhi.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb33-2b24-4b89-9efe-096f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'handhi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb33-4fc8-4fe7-a93b-4405950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb33-4fc8-4fe7-a93b-4405950d210f",
"ipv4-addr--59ddbb33-4fc8-4fe7-a93b-4405950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb33-4fc8-4fe7-a93b-4405950d210f",
"dst_ref": "ipv4-addr--59ddbb33-4fc8-4fe7-a93b-4405950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb33-4fc8-4fe7-a93b-4405950d210f",
"value": "162.213.255.19"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb33-eee0-4c96-9bed-41fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[url:value = 'http://hexacam.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb33-984c-47dc-aa36-61c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"pattern": "[domain-name:value = 'hexacam.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb33-1200-4306-ae88-4997950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:20.000Z",
"modified": "2017-10-12T17:31:20.000Z",
"first_observed": "2017-10-12T17:31:20Z",
"last_observed": "2017-10-12T17:31:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb33-1200-4306-ae88-4997950d210f",
"ipv4-addr--59ddbb33-1200-4306-ae88-4997950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb33-1200-4306-ae88-4997950d210f",
"dst_ref": "ipv4-addr--59ddbb33-1200-4306-ae88-4997950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb33-1200-4306-ae88-4997950d210f",
"value": "98.124.251.65"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb34-03b4-4f20-8951-4318950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[url:value = 'http://logica-info.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb34-935c-4aec-8a26-439c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[domain-name:value = 'logica-info.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb34-6a60-449b-b066-31f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb34-6a60-449b-b066-31f8950d210f",
"ipv4-addr--59ddbb34-6a60-449b-b066-31f8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb34-6a60-449b-b066-31f8950d210f",
"dst_ref": "ipv4-addr--59ddbb34-6a60-449b-b066-31f8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb34-6a60-449b-b066-31f8950d210f",
"value": "202.169.44.143"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb34-11b0-4129-82e5-6211950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[url:value = 'http://mh-service.ru/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb34-62f8-4224-9f5a-49cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[domain-name:value = 'mh-service.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb34-7bac-4a31-a219-4ef3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb34-7bac-4a31-a219-4ef3950d210f",
"ipv4-addr--59ddbb34-7bac-4a31-a219-4ef3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb34-7bac-4a31-a219-4ef3950d210f",
"dst_ref": "ipv4-addr--59ddbb34-7bac-4a31-a219-4ef3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb34-7bac-4a31-a219-4ef3950d210f",
"value": "89.253.235.118"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb35-3b08-4f34-b609-096f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[url:value = 'http://monstermx.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb35-12e0-4d65-96ad-47b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[domain-name:value = 'monstermx.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb35-ab34-49be-96b1-43c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb35-ab34-49be-96b1-43c2950d210f",
"ipv4-addr--59ddbb35-ab34-49be-96b1-43c2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb35-ab34-49be-96b1-43c2950d210f",
"dst_ref": "ipv4-addr--59ddbb35-ab34-49be-96b1-43c2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb35-ab34-49be-96b1-43c2950d210f",
"value": "107.152.98.20"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb35-3678-4467-91ee-4ee2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[url:value = 'http://m-tensou.net/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb35-a03c-4569-94b1-b4e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[domain-name:value = 'm-tensou.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb36-104c-4041-b60c-4d65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb36-104c-4041-b60c-4d65950d210f",
"ipv4-addr--59ddbb36-104c-4041-b60c-4d65950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb36-104c-4041-b60c-4d65950d210f",
"dst_ref": "ipv4-addr--59ddbb36-104c-4041-b60c-4d65950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb36-104c-4041-b60c-4d65950d210f",
"value": "202.218.252.73"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb36-88a0-45b8-be57-4289950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[url:value = 'http://paulcruse.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb36-564c-4c81-8841-4c72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[domain-name:value = 'paulcruse.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb36-7828-4c75-a1c0-41d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb36-7828-4c75-a1c0-41d8950d210f",
"ipv4-addr--59ddbb36-7828-4c75-a1c0-41d8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb36-7828-4c75-a1c0-41d8950d210f",
"dst_ref": "ipv4-addr--59ddbb36-7828-4c75-a1c0-41d8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb36-7828-4c75-a1c0-41d8950d210f",
"value": "91.215.186.147"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb36-1ee4-45c7-b7d3-4361950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[url:value = 'http://suncoastot.com/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb36-1690-4679-ac0e-446a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[domain-name:value = 'suncoastot.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb37-2898-424d-8b96-096f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb37-2898-424d-8b96-096f950d210f",
"ipv4-addr--59ddbb37-2898-424d-8b96-096f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb37-2898-424d-8b96-096f950d210f",
"dst_ref": "ipv4-addr--59ddbb37-2898-424d-8b96-096f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb37-2898-424d-8b96-096f950d210f",
"value": "98.124.252.176"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ddbb37-106c-4437-beef-4b6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"pattern": "[url:value = 'http://nsaflow.info/p66/09yhb7r5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb55-2fb0-46a2-9f49-43c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb55-2fb0-46a2-9f49-43c8950d210f",
"ipv4-addr--59ddbb55-2fb0-46a2-9f49-43c8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb55-2fb0-46a2-9f49-43c8950d210f",
"dst_ref": "ipv4-addr--59ddbb55-2fb0-46a2-9f49-43c8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb55-2fb0-46a2-9f49-43c8950d210f",
"value": "91.83.88.51"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb55-9c2c-4629-8ac0-4afb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb55-9c2c-4629-8ac0-4afb950d210f",
"ipv4-addr--59ddbb55-9c2c-4629-8ac0-4afb950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb55-9c2c-4629-8ac0-4afb950d210f",
"dst_ref": "ipv4-addr--59ddbb55-9c2c-4629-8ac0-4afb950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb55-9c2c-4629-8ac0-4afb950d210f",
"value": "46.237.117.193"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb56-f3ec-479e-8483-4c73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb56-f3ec-479e-8483-4c73950d210f",
"ipv4-addr--59ddbb56-f3ec-479e-8483-4c73950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb56-f3ec-479e-8483-4c73950d210f",
"dst_ref": "ipv4-addr--59ddbb56-f3ec-479e-8483-4c73950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb56-f3ec-479e-8483-4c73950d210f",
"value": "79.170.7.139"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb56-ab94-40a8-a610-4a71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb56-ab94-40a8-a610-4a71950d210f",
"ipv4-addr--59ddbb56-ab94-40a8-a610-4a71950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb56-ab94-40a8-a610-4a71950d210f",
"dst_ref": "ipv4-addr--59ddbb56-ab94-40a8-a610-4a71950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb56-ab94-40a8-a610-4a71950d210f",
"value": "41.57.103.218"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb56-d24c-4f04-bf6b-b4e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb56-d24c-4f04-bf6b-b4e9950d210f",
"ipv4-addr--59ddbb56-d24c-4f04-bf6b-b4e9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb56-d24c-4f04-bf6b-b4e9950d210f",
"dst_ref": "ipv4-addr--59ddbb56-d24c-4f04-bf6b-b4e9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb56-d24c-4f04-bf6b-b4e9950d210f",
"value": "196.202.194.202"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb57-e908-4aac-a66d-4637950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb57-e908-4aac-a66d-4637950d210f",
"ipv4-addr--59ddbb57-e908-4aac-a66d-4637950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb57-e908-4aac-a66d-4637950d210f",
"dst_ref": "ipv4-addr--59ddbb57-e908-4aac-a66d-4637950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb57-e908-4aac-a66d-4637950d210f",
"value": "46.20.56.239"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb57-e29c-42df-8614-4df9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb57-e29c-42df-8614-4df9950d210f",
"ipv4-addr--59ddbb57-e29c-42df-8614-4df9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb57-e29c-42df-8614-4df9950d210f",
"dst_ref": "ipv4-addr--59ddbb57-e29c-42df-8614-4df9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb57-e29c-42df-8614-4df9950d210f",
"value": "176.120.126.21"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb57-1c00-484b-b662-31f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb57-1c00-484b-b662-31f8950d210f",
"ipv4-addr--59ddbb57-1c00-484b-b662-31f8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb57-1c00-484b-b662-31f8950d210f",
"dst_ref": "ipv4-addr--59ddbb57-1c00-484b-b662-31f8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb57-1c00-484b-b662-31f8950d210f",
"value": "91.239.249.118"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb57-319c-4c1b-a66c-6211950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb57-319c-4c1b-a66c-6211950d210f",
"ipv4-addr--59ddbb57-319c-4c1b-a66c-6211950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb57-319c-4c1b-a66c-6211950d210f",
"dst_ref": "ipv4-addr--59ddbb57-319c-4c1b-a66c-6211950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb57-319c-4c1b-a66c-6211950d210f",
"value": "194.87.103.184"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb58-daec-4909-8b04-4757950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb58-daec-4909-8b04-4757950d210f",
"ipv4-addr--59ddbb58-daec-4909-8b04-4757950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb58-daec-4909-8b04-4757950d210f",
"dst_ref": "ipv4-addr--59ddbb58-daec-4909-8b04-4757950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb58-daec-4909-8b04-4757950d210f",
"value": "92.63.102.64"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb58-4d20-4652-912a-4c51950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb58-4d20-4652-912a-4c51950d210f",
"ipv4-addr--59ddbb58-4d20-4652-912a-4c51950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb58-4d20-4652-912a-4c51950d210f",
"dst_ref": "ipv4-addr--59ddbb58-4d20-4652-912a-4c51950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb58-4d20-4652-912a-4c51950d210f",
"value": "194.87.238.53"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb58-0ac0-4156-90d1-47ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb58-0ac0-4156-90d1-47ee950d210f",
"ipv4-addr--59ddbb58-0ac0-4156-90d1-47ee950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb58-0ac0-4156-90d1-47ee950d210f",
"dst_ref": "ipv4-addr--59ddbb58-0ac0-4156-90d1-47ee950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb58-0ac0-4156-90d1-47ee950d210f",
"value": "92.63.102.159"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb58-9090-445e-9ab2-4388950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb58-9090-445e-9ab2-4388950d210f",
"ipv4-addr--59ddbb58-9090-445e-9ab2-4388950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb58-9090-445e-9ab2-4388950d210f",
"dst_ref": "ipv4-addr--59ddbb58-9090-445e-9ab2-4388950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb58-9090-445e-9ab2-4388950d210f",
"value": "194.87.232.219"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb59-20e0-497a-bff7-46d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb59-20e0-497a-bff7-46d5950d210f",
"ipv4-addr--59ddbb59-20e0-497a-bff7-46d5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb59-20e0-497a-bff7-46d5950d210f",
"dst_ref": "ipv4-addr--59ddbb59-20e0-497a-bff7-46d5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb59-20e0-497a-bff7-46d5950d210f",
"value": "149.154.69.70"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb59-c9f8-465c-9b6b-61c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb59-c9f8-465c-9b6b-61c1950d210f",
"ipv4-addr--59ddbb59-c9f8-465c-9b6b-61c1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb59-c9f8-465c-9b6b-61c1950d210f",
"dst_ref": "ipv4-addr--59ddbb59-c9f8-465c-9b6b-61c1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb59-c9f8-465c-9b6b-61c1950d210f",
"value": "78.24.223.153"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb59-7d70-4f63-b210-474e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb59-7d70-4f63-b210-474e950d210f",
"ipv4-addr--59ddbb59-7d70-4f63-b210-474e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb59-7d70-4f63-b210-474e950d210f",
"dst_ref": "ipv4-addr--59ddbb59-7d70-4f63-b210-474e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb59-7d70-4f63-b210-474e950d210f",
"value": "194.87.92.207"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5a-e7f8-490d-88b8-4c33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5a-e7f8-490d-88b8-4c33950d210f",
"ipv4-addr--59ddbb5a-e7f8-490d-88b8-4c33950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5a-e7f8-490d-88b8-4c33950d210f",
"dst_ref": "ipv4-addr--59ddbb5a-e7f8-490d-88b8-4c33950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5a-e7f8-490d-88b8-4c33950d210f",
"value": "194.87.94.239"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5a-cf38-4a69-974a-31f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5a-cf38-4a69-974a-31f8950d210f",
"ipv4-addr--59ddbb5a-cf38-4a69-974a-31f8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5a-cf38-4a69-974a-31f8950d210f",
"dst_ref": "ipv4-addr--59ddbb5a-cf38-4a69-974a-31f8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5a-cf38-4a69-974a-31f8950d210f",
"value": "195.133.147.238"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5a-0350-4b6f-b415-4723950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5a-0350-4b6f-b415-4723950d210f",
"ipv4-addr--59ddbb5a-0350-4b6f-b415-4723950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5a-0350-4b6f-b415-4723950d210f",
"dst_ref": "ipv4-addr--59ddbb5a-0350-4b6f-b415-4723950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5a-0350-4b6f-b415-4723950d210f",
"value": "62.109.15.132"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5a-6ec8-42cb-98f6-4528950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5a-6ec8-42cb-98f6-4528950d210f",
"ipv4-addr--59ddbb5a-6ec8-42cb-98f6-4528950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5a-6ec8-42cb-98f6-4528950d210f",
"dst_ref": "ipv4-addr--59ddbb5a-6ec8-42cb-98f6-4528950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5a-6ec8-42cb-98f6-4528950d210f",
"value": "194.87.236.240"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5b-ef38-4633-ba93-447f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5b-ef38-4633-ba93-447f950d210f",
"ipv4-addr--59ddbb5b-ef38-4633-ba93-447f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5b-ef38-4633-ba93-447f950d210f",
"dst_ref": "ipv4-addr--59ddbb5b-ef38-4633-ba93-447f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5b-ef38-4633-ba93-447f950d210f",
"value": "62.109.6.237"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5b-da70-4c58-ae80-4d5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5b-da70-4c58-ae80-4d5b950d210f",
"ipv4-addr--59ddbb5b-da70-4c58-ae80-4d5b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5b-da70-4c58-ae80-4d5b950d210f",
"dst_ref": "ipv4-addr--59ddbb5b-da70-4c58-ae80-4d5b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5b-da70-4c58-ae80-4d5b950d210f",
"value": "149.154.69.47"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5b-2694-4f57-97ac-4b4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5b-2694-4f57-97ac-4b4c950d210f",
"ipv4-addr--59ddbb5b-2694-4f57-97ac-4b4c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5b-2694-4f57-97ac-4b4c950d210f",
"dst_ref": "ipv4-addr--59ddbb5b-2694-4f57-97ac-4b4c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5b-2694-4f57-97ac-4b4c950d210f",
"value": "82.146.47.121"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5b-e7f8-412f-a141-4917950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5b-e7f8-412f-a141-4917950d210f",
"ipv4-addr--59ddbb5b-e7f8-412f-a141-4917950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5b-e7f8-412f-a141-4917950d210f",
"dst_ref": "ipv4-addr--59ddbb5b-e7f8-412f-a141-4917950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5b-e7f8-412f-a141-4917950d210f",
"value": "78.24.216.250"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5c-8ec4-41a1-af46-61c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5c-8ec4-41a1-af46-61c1950d210f",
"ipv4-addr--59ddbb5c-8ec4-41a1-af46-61c1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5c-8ec4-41a1-af46-61c1950d210f",
"dst_ref": "ipv4-addr--59ddbb5c-8ec4-41a1-af46-61c1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5c-8ec4-41a1-af46-61c1950d210f",
"value": "82.146.56.218"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5c-3c2c-4a85-b43c-4632950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5c-3c2c-4a85-b43c-4632950d210f",
"ipv4-addr--59ddbb5c-3c2c-4a85-b43c-4632950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5c-3c2c-4a85-b43c-4632950d210f",
"dst_ref": "ipv4-addr--59ddbb5c-3c2c-4a85-b43c-4632950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5c-3c2c-4a85-b43c-4632950d210f",
"value": "185.159.131.198"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5c-2b5c-45f2-83d6-4a73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5c-2b5c-45f2-83d6-4a73950d210f",
"ipv4-addr--59ddbb5c-2b5c-45f2-83d6-4a73950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5c-2b5c-45f2-83d6-4a73950d210f",
"dst_ref": "ipv4-addr--59ddbb5c-2b5c-45f2-83d6-4a73950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5c-2b5c-45f2-83d6-4a73950d210f",
"value": "194.87.146.32"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f",
"ipv4-addr--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f",
"dst_ref": "ipv4-addr--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5c-2cb4-4fec-9bcd-31f8950d210f",
"value": "5.133.179.77"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5c-7964-4600-9a11-4ebb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5c-7964-4600-9a11-4ebb950d210f",
"ipv4-addr--59ddbb5c-7964-4600-9a11-4ebb950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5c-7964-4600-9a11-4ebb950d210f",
"dst_ref": "ipv4-addr--59ddbb5c-7964-4600-9a11-4ebb950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5c-7964-4600-9a11-4ebb950d210f",
"value": "94.242.224.214"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5d-2f54-4c05-9b10-45bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5d-2f54-4c05-9b10-45bf950d210f",
"ipv4-addr--59ddbb5d-2f54-4c05-9b10-45bf950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5d-2f54-4c05-9b10-45bf950d210f",
"dst_ref": "ipv4-addr--59ddbb5d-2f54-4c05-9b10-45bf950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5d-2f54-4c05-9b10-45bf950d210f",
"value": "194.87.92.242"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5d-167c-4da3-8bc7-4c5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5d-167c-4da3-8bc7-4c5d950d210f",
"ipv4-addr--59ddbb5d-167c-4da3-8bc7-4c5d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5d-167c-4da3-8bc7-4c5d950d210f",
"dst_ref": "ipv4-addr--59ddbb5d-167c-4da3-8bc7-4c5d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5d-167c-4da3-8bc7-4c5d950d210f",
"value": "195.133.146.236"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ddbb5e-ea60-4971-84f3-4540950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ddbb5e-ea60-4971-84f3-4540950d210f",
"ipv4-addr--59ddbb5e-ea60-4971-84f3-4540950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ddbb5e-ea60-4971-84f3-4540950d210f",
"dst_ref": "ipv4-addr--59ddbb5e-ea60-4971-84f3-4540950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ddbb5e-ea60-4971-84f3-4540950d210f",
"value": "193.124.117.238"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa6e9-262c-4e99-bfb7-419002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"description": "- Xchecked via VT: 5216bf5213f2f94e756ce464d34c740c",
"pattern": "[file:hashes.SHA256 = '24184f3ae1a878018d650812c7084cdc91fdaa8916d3d11140ef06d6306347a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa6e9-b6f8-4b70-9c45-49a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"description": "- Xchecked via VT: 5216bf5213f2f94e756ce464d34c740c",
"pattern": "[file:hashes.SHA1 = 'dd3ad086b2973e67e41aa21680448badb989f9c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59dfa6e9-d474-4987-8303-464302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"first_observed": "2017-10-12T17:31:21Z",
"last_observed": "2017-10-12T17:31:21Z",
"number_observed": 1,
"object_refs": [
"url--59dfa6e9-d474-4987-8303-464302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59dfa6e9-d474-4987-8303-464302de0b81",
"value": "https://www.virustotal.com/file/24184f3ae1a878018d650812c7084cdc91fdaa8916d3d11140ef06d6306347a2/analysis/1507764485/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa6e9-d890-4742-bfce-43d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"description": "- Xchecked via VT: 1934bc240ae9e8e101490a9dab13c079",
"pattern": "[file:hashes.SHA256 = 'c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa6ea-2968-4e50-8b98-419702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:21.000Z",
"modified": "2017-10-12T17:31:21.000Z",
"description": "- Xchecked via VT: 1934bc240ae9e8e101490a9dab13c079",
"pattern": "[file:hashes.SHA1 = 'a0218048aaca34259d0651d911b81f9f12a30326']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59dfa6ea-7018-45bd-9ee4-419f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:31:22.000Z",
"modified": "2017-10-12T17:31:22.000Z",
"first_observed": "2017-10-12T17:31:22Z",
"last_observed": "2017-10-12T17:31:22Z",
"number_observed": 1,
"object_refs": [
"url--59dfa6ea-7018-45bd-9ee4-419f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59dfa6ea-7018-45bd-9ee4-419f02de0b81",
"value": "https://www.virustotal.com/file/c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3/analysis/1507806911/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}