misp-circl-feed/feeds/circl/stix-2.1/5a044f70-28a8-45a4-b350-cdab950d210f.json

1300 lines
52 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5a044f70-28a8-45a4-b350-cdab950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:26:02.000Z",
"modified": "2017-11-09T20:26:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a044f70-28a8-45a4-b350-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:26:02.000Z",
"modified": "2017-11-09T20:26:02.000Z",
"name": "M2M - Locky Affid=3, \".asasin\" 2017-11-02 : \"12_Invoice_3456\" - \"001_1234.doc\"",
"context": "suspicious-activity",
"object_refs": [
"indicator--5a044f71-4498-467c-ab71-48ff950d210f",
"indicator--5a044f72-27b4-401e-89b0-4ab9950d210f",
"indicator--5a044f72-adcc-4152-89f8-4ee9950d210f",
"observed-data--5a044f72-e3ac-4b5d-978a-cda3950d210f",
"network-traffic--5a044f72-e3ac-4b5d-978a-cda3950d210f",
"ipv4-addr--5a044f72-e3ac-4b5d-978a-cda3950d210f",
"indicator--5a044f72-a9c8-4ddd-b446-991b950d210f",
"indicator--5a044f73-d3b8-4499-9158-cdb1950d210f",
"observed-data--5a044f73-cba0-4e88-89e8-cdab950d210f",
"network-traffic--5a044f73-cba0-4e88-89e8-cdab950d210f",
"ipv4-addr--5a044f73-cba0-4e88-89e8-cdab950d210f",
"indicator--5a044f73-3948-40c5-a2f7-cc6f950d210f",
"indicator--5a044f73-8444-4c98-9302-48f9950d210f",
"observed-data--5a044f74-fcac-4eff-aed4-4414950d210f",
"network-traffic--5a044f74-fcac-4eff-aed4-4414950d210f",
"ipv4-addr--5a044f74-fcac-4eff-aed4-4414950d210f",
"indicator--5a044f74-fa18-495a-87e8-20a6950d210f",
"indicator--5a044f74-5734-481a-a7dc-cd35950d210f",
"observed-data--5a044f74-5c24-4898-9219-4ac3950d210f",
"network-traffic--5a044f74-5c24-4898-9219-4ac3950d210f",
"ipv4-addr--5a044f74-5c24-4898-9219-4ac3950d210f",
"indicator--5a044f75-9a44-415e-88a7-cda3950d210f",
"indicator--5a044f75-6c00-4ebc-8fae-991b950d210f",
"observed-data--5a044f75-c740-4f76-9b4a-cdb1950d210f",
"network-traffic--5a044f75-c740-4f76-9b4a-cdb1950d210f",
"ipv4-addr--5a044f75-c740-4f76-9b4a-cdb1950d210f",
"indicator--5a044f75-bdc4-4877-9069-cdab950d210f",
"indicator--5a044f76-61a4-4bfe-8e0d-2214950d210f",
"observed-data--5a044f76-f550-4ea7-8437-462c950d210f",
"network-traffic--5a044f76-f550-4ea7-8437-462c950d210f",
"ipv4-addr--5a044f76-f550-4ea7-8437-462c950d210f",
"indicator--5a044f76-ae48-41f2-a4bb-4d84950d210f",
"indicator--5a044f76-ae04-44b9-8a3f-4eda950d210f",
"observed-data--5a044f77-d234-4fb1-8bd4-75a9950d210f",
"network-traffic--5a044f77-d234-4fb1-8bd4-75a9950d210f",
"ipv4-addr--5a044f77-d234-4fb1-8bd4-75a9950d210f",
"indicator--5a044f7a-e1b4-40c9-9c18-75a9950d210f",
"indicator--5a044f7b-aa14-4c53-b56d-20a6950d210f",
"observed-data--5a044f7b-29a0-41dc-96a4-42b9950d210f",
"network-traffic--5a044f7b-29a0-41dc-96a4-42b9950d210f",
"ipv4-addr--5a044f7b-29a0-41dc-96a4-42b9950d210f",
"indicator--5a044f7b-bd48-43f4-a5d7-991b950d210f",
"indicator--5a044f7b-cdf8-4123-8992-48ec950d210f",
"observed-data--5a044f7c-d3a0-42a4-9f91-cdb1950d210f",
"network-traffic--5a044f7c-d3a0-42a4-9f91-cdb1950d210f",
"ipv4-addr--5a044f7c-d3a0-42a4-9f91-cdb1950d210f",
"indicator--5a044f7c-0f38-4603-b7d5-cc6f950d210f",
"indicator--5a044f7c-5c74-4e31-8738-47c6950d210f",
"observed-data--5a044f7d-b22c-432a-a43e-75a9950d210f",
"network-traffic--5a044f7d-b22c-432a-a43e-75a9950d210f",
"ipv4-addr--5a044f7d-b22c-432a-a43e-75a9950d210f",
"indicator--5a044f7d-32d8-47f3-85f2-4a7e950d210f",
"indicator--5a044f7d-b21c-48e5-b462-cda3950d210f",
"observed-data--5a044f7d-731c-4c6d-a6d2-991b950d210f",
"network-traffic--5a044f7d-731c-4c6d-a6d2-991b950d210f",
"ipv4-addr--5a044f7d-731c-4c6d-a6d2-991b950d210f",
"indicator--5a044f7d-afbc-47a0-ab66-4d24950d210f",
"indicator--5a044f7e-353c-48dd-b43d-4d17950d210f",
"observed-data--5a044f7e-ad0c-4742-93e8-cdab950d210f",
"network-traffic--5a044f7e-ad0c-4742-93e8-cdab950d210f",
"ipv4-addr--5a044f7e-ad0c-4742-93e8-cdab950d210f",
"indicator--5a044f7e-ce38-414d-ba71-2214950d210f",
"indicator--5a044f7f-9d74-49e7-86c0-4337950d210f",
"observed-data--5a044f7f-d44c-48dd-ab0f-498f950d210f",
"network-traffic--5a044f7f-d44c-48dd-ab0f-498f950d210f",
"ipv4-addr--5a044f7f-d44c-48dd-ab0f-498f950d210f",
"indicator--5a044f7f-9e20-4642-a4a9-cd35950d210f",
"indicator--5a044f80-34c4-4182-a96e-717b950d210f",
"indicator--5a04b9d4-6098-4af4-a972-4c9702de0b81",
"indicator--5a04b9d4-f76c-43c8-a7b5-48a102de0b81",
"observed-data--5a04b9d4-17ac-4410-b44a-494d02de0b81",
"url--5a04b9d4-17ac-4410-b44a-494d02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f71-4498-467c-ab71-48ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[file:hashes.MD5 = '26671a0b08b87754a72ab3d0c2256059']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f72-27b4-401e-89b0-4ab9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[url:value = 'http://nozovent.net/Jmdnaf36dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f72-adcc-4152-89f8-4ee9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[domain-name:value = 'nozovent.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f72-e3ac-4b5d-978a-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"first_observed": "2017-11-09T20:25:55Z",
"last_observed": "2017-11-09T20:25:55Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f72-e3ac-4b5d-978a-cda3950d210f",
"ipv4-addr--5a044f72-e3ac-4b5d-978a-cda3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f72-e3ac-4b5d-978a-cda3950d210f",
"dst_ref": "ipv4-addr--5a044f72-e3ac-4b5d-978a-cda3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f72-e3ac-4b5d-978a-cda3950d210f",
"value": "167.114.138.110"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f72-a9c8-4ddd-b446-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[url:value = 'http://pccreatief.nl/Jmdnaf36dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f73-d3b8-4499-9158-cdb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[domain-name:value = 'pccreatief.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f73-cba0-4e88-89e8-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"first_observed": "2017-11-09T20:25:55Z",
"last_observed": "2017-11-09T20:25:55Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f73-cba0-4e88-89e8-cdab950d210f",
"ipv4-addr--5a044f73-cba0-4e88-89e8-cdab950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f73-cba0-4e88-89e8-cdab950d210f",
"dst_ref": "ipv4-addr--5a044f73-cba0-4e88-89e8-cdab950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f73-cba0-4e88-89e8-cdab950d210f",
"value": "85.25.192.252"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f73-3948-40c5-a2f7-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[url:value = 'http://plaissetty.com/Jmdnaf36dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f73-8444-4c98-9302-48f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[domain-name:value = 'plaissetty.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f74-fcac-4eff-aed4-4414950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"first_observed": "2017-11-09T20:25:55Z",
"last_observed": "2017-11-09T20:25:55Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f74-fcac-4eff-aed4-4414950d210f",
"ipv4-addr--5a044f74-fcac-4eff-aed4-4414950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f74-fcac-4eff-aed4-4414950d210f",
"dst_ref": "ipv4-addr--5a044f74-fcac-4eff-aed4-4414950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f74-fcac-4eff-aed4-4414950d210f",
"value": "91.121.183.59"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f74-fa18-495a-87e8-20a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[url:value = 'http://ro.isuzu.it/Jmdnaf36dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f74-5734-481a-a7dc-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[domain-name:value = 'ro.isuzu.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f74-5c24-4898-9219-4ac3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"first_observed": "2017-11-09T20:25:55Z",
"last_observed": "2017-11-09T20:25:55Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f74-5c24-4898-9219-4ac3950d210f",
"ipv4-addr--5a044f74-5c24-4898-9219-4ac3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f74-5c24-4898-9219-4ac3950d210f",
"dst_ref": "ipv4-addr--5a044f74-5c24-4898-9219-4ac3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f74-5c24-4898-9219-4ac3950d210f",
"value": "95.110.189.247"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f75-9a44-415e-88a7-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[url:value = 'http://sirbis.de/Jmdnaf36dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f75-6c00-4ebc-8fae-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[domain-name:value = 'sirbis.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f75-c740-4f76-9b4a-cdb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"first_observed": "2017-11-09T20:25:55Z",
"last_observed": "2017-11-09T20:25:55Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f75-c740-4f76-9b4a-cdb1950d210f",
"ipv4-addr--5a044f75-c740-4f76-9b4a-cdb1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f75-c740-4f76-9b4a-cdb1950d210f",
"dst_ref": "ipv4-addr--5a044f75-c740-4f76-9b4a-cdb1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f75-c740-4f76-9b4a-cdb1950d210f",
"value": "46.163.72.181"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f75-bdc4-4877-9069-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:55.000Z",
"modified": "2017-11-09T20:25:55.000Z",
"pattern": "[url:value = 'http://skivvies.com/Jmdnaf36dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f76-61a4-4bfe-8e0d-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'skivvies.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f76-f550-4ea7-8437-462c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f76-f550-4ea7-8437-462c950d210f",
"ipv4-addr--5a044f76-f550-4ea7-8437-462c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f76-f550-4ea7-8437-462c950d210f",
"dst_ref": "ipv4-addr--5a044f76-f550-4ea7-8437-462c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f76-f550-4ea7-8437-462c950d210f",
"value": "204.197.241.45"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f76-ae48-41f2-a4bb-4d84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[url:value = 'http://studio311.de/Jmdnaf36dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f76-ae04-44b9-8a3f-4eda950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'studio311.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f77-d234-4fb1-8bd4-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f77-d234-4fb1-8bd4-75a9950d210f",
"ipv4-addr--5a044f77-d234-4fb1-8bd4-75a9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f77-d234-4fb1-8bd4-75a9950d210f",
"dst_ref": "ipv4-addr--5a044f77-d234-4fb1-8bd4-75a9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f77-d234-4fb1-8bd4-75a9950d210f",
"value": "217.182.199.8"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7a-e1b4-40c9-9c18-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[url:value = 'http://michelsmarkt.de/Jgsn5srs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7b-aa14-4c53-b56d-20a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'michelsmarkt.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f7b-29a0-41dc-96a4-42b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f7b-29a0-41dc-96a4-42b9950d210f",
"ipv4-addr--5a044f7b-29a0-41dc-96a4-42b9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f7b-29a0-41dc-96a4-42b9950d210f",
"dst_ref": "ipv4-addr--5a044f7b-29a0-41dc-96a4-42b9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f7b-29a0-41dc-96a4-42b9950d210f",
"value": "173.212.228.135"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7b-bd48-43f4-a5d7-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[url:value = 'http://noya-en.eu/Jgsn5srs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7b-cdf8-4123-8992-48ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'noya-en.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f7c-d3a0-42a4-9f91-cdb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f7c-d3a0-42a4-9f91-cdb1950d210f",
"ipv4-addr--5a044f7c-d3a0-42a4-9f91-cdb1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f7c-d3a0-42a4-9f91-cdb1950d210f",
"dst_ref": "ipv4-addr--5a044f7c-d3a0-42a4-9f91-cdb1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f7c-d3a0-42a4-9f91-cdb1950d210f",
"value": "185.66.251.178"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7c-0f38-4603-b7d5-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[url:value = 'http://ruemmelin.info/Jgsn5srs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7c-5c74-4e31-8738-47c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'ruemmelin.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f7d-b22c-432a-a43e-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f7d-b22c-432a-a43e-75a9950d210f",
"ipv4-addr--5a044f7d-b22c-432a-a43e-75a9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f7d-b22c-432a-a43e-75a9950d210f",
"dst_ref": "ipv4-addr--5a044f7d-b22c-432a-a43e-75a9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f7d-b22c-432a-a43e-75a9950d210f",
"value": "81.90.33.38"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7d-32d8-47f3-85f2-4a7e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[url:value = 'http://remers-messebau.de/Jgsn5srs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7d-b21c-48e5-b462-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'remers-messebau.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f7d-731c-4c6d-a6d2-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f7d-731c-4c6d-a6d2-991b950d210f",
"ipv4-addr--5a044f7d-731c-4c6d-a6d2-991b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f7d-731c-4c6d-a6d2-991b950d210f",
"dst_ref": "ipv4-addr--5a044f7d-731c-4c6d-a6d2-991b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f7d-731c-4c6d-a6d2-991b950d210f",
"value": "89.163.140.72"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7d-afbc-47a0-ab66-4d24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[url:value = 'http://ollyandfriends.de/Jgsn5srs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7e-353c-48dd-b43d-4d17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'ollyandfriends.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f7e-ad0c-4742-93e8-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f7e-ad0c-4742-93e8-cdab950d210f",
"ipv4-addr--5a044f7e-ad0c-4742-93e8-cdab950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f7e-ad0c-4742-93e8-cdab950d210f",
"dst_ref": "ipv4-addr--5a044f7e-ad0c-4742-93e8-cdab950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f7e-ad0c-4742-93e8-cdab950d210f",
"value": "85.119.155.42"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7e-ce38-414d-ba71-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[url:value = 'http://primeassociatesinc.com/Jgsn5srs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7f-9d74-49e7-86c0-4337950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'primeassociatesinc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044f7f-d44c-48dd-ab0f-498f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044f7f-d44c-48dd-ab0f-498f950d210f",
"ipv4-addr--5a044f7f-d44c-48dd-ab0f-498f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044f7f-d44c-48dd-ab0f-498f950d210f",
"dst_ref": "ipv4-addr--5a044f7f-d44c-48dd-ab0f-498f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044f7f-d44c-48dd-ab0f-498f950d210f",
"value": "209.54.51.32"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f7f-9e20-4642-a4a9-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[url:value = 'http://verwadirephen.info/p66/Jgsn5srs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044f80-34c4-4182-a96e-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"pattern": "[domain-name:value = 'verwadirephen.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04b9d4-6098-4af4-a972-4c9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"description": "- Xchecked via VT: 26671a0b08b87754a72ab3d0c2256059",
"pattern": "[file:hashes.SHA256 = '68d73a56515a94be6400ea2ea625d256f439e3b279576dcdcb07948929e1d1cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04b9d4-f76c-43c8-a7b5-48a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"description": "- Xchecked via VT: 26671a0b08b87754a72ab3d0c2256059",
"pattern": "[file:hashes.SHA1 = '491178c82dee6e81030bd880ec3647c93b307e01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04b9d4-17ac-4410-b44a-494d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:25:56.000Z",
"modified": "2017-11-09T20:25:56.000Z",
"first_observed": "2017-11-09T20:25:56Z",
"last_observed": "2017-11-09T20:25:56Z",
"number_observed": 1,
"object_refs": [
"url--5a04b9d4-17ac-4410-b44a-494d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a04b9d4-17ac-4410-b44a-494d02de0b81",
"value": "https://www.virustotal.com/file/68d73a56515a94be6400ea2ea625d256f439e3b279576dcdcb07948929e1d1cd/analysis/1510096080/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}