adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59ce3d45-fc70-4852-bf6d-46e4950d210f.json

3145 lines
125 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--59ce3d45-fc70-4852-bf6d-46e4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:37.000Z",
"modified": "2017-09-29T13:06:37.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59ce3d45-fc70-4852-bf6d-46e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:37.000Z",
"modified": "2017-09-29T13:06:37.000Z",
"name": "M2M - Locky Affid=3/Trickbot \"mac1\" 2017-09-29 : \"Voice Message from ...\" - \"/voicemsg.html\" links",
"published": "2017-09-29T13:06:42Z",
"object_refs": [
"indicator--59ce3d46-77a0-4c85-947a-4a58950d210f",
"indicator--59ce3d47-2868-470e-8996-79d1950d210f",
"indicator--59ce3d47-9f44-4138-ac64-4b17950d210f",
"observed-data--59ce3d47-2c78-475b-890e-4313950d210f",
"network-traffic--59ce3d47-2c78-475b-890e-4313950d210f",
"ipv4-addr--59ce3d47-2c78-475b-890e-4313950d210f",
"indicator--59ce3d47-731c-43a5-ae08-7894950d210f",
"indicator--59ce3d48-7460-4977-8dfa-44a8950d210f",
"observed-data--59ce3d48-3d74-4c19-92f5-78e4950d210f",
"network-traffic--59ce3d48-3d74-4c19-92f5-78e4950d210f",
"ipv4-addr--59ce3d48-3d74-4c19-92f5-78e4950d210f",
"indicator--59ce3d48-5510-4b3f-8dab-4167950d210f",
"indicator--59ce3d48-d2a4-4c9e-aba0-7d97950d210f",
"observed-data--59ce3d49-1128-4738-bbe4-444d950d210f",
"network-traffic--59ce3d49-1128-4738-bbe4-444d950d210f",
"ipv4-addr--59ce3d49-1128-4738-bbe4-444d950d210f",
"indicator--59ce3d49-fa64-4651-b4a0-4b51950d210f",
"indicator--59ce3d49-0c1c-4f57-8709-4c30950d210f",
"observed-data--59ce3d49-82d0-408d-be80-419b950d210f",
"network-traffic--59ce3d49-82d0-408d-be80-419b950d210f",
"ipv4-addr--59ce3d49-82d0-408d-be80-419b950d210f",
"indicator--59ce3d4a-907c-457d-88d4-4a2c950d210f",
"indicator--59ce3d4a-f074-4a42-ba88-4a0f950d210f",
"observed-data--59ce3d4a-a4a8-491e-860a-7894950d210f",
"network-traffic--59ce3d4a-a4a8-491e-860a-7894950d210f",
"ipv4-addr--59ce3d4a-a4a8-491e-860a-7894950d210f",
"indicator--59ce3d4a-ba0c-4bf8-b54d-4bff950d210f",
"indicator--59ce3d4b-9264-47f6-be7b-45e3950d210f",
"observed-data--59ce3d4b-c184-4ff3-9bed-4697950d210f",
"network-traffic--59ce3d4b-c184-4ff3-9bed-4697950d210f",
"ipv4-addr--59ce3d4b-c184-4ff3-9bed-4697950d210f",
"indicator--59ce3d4b-8fe0-41fd-9e5b-1ec8950d210f",
"indicator--59ce3d4b-af24-4e89-b175-4036950d210f",
"indicator--59ce3d4c-8330-4c16-b958-4439950d210f",
"indicator--59ce3d4c-c328-47bc-a843-4d3f950d210f",
"observed-data--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f",
"network-traffic--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f",
"ipv4-addr--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f",
"indicator--59ce3d4d-dbd8-4165-bc83-4116950d210f",
"indicator--59ce3d4d-57d0-47ec-94c7-7894950d210f",
"observed-data--59ce3d4d-5c88-43a5-94bd-4582950d210f",
"network-traffic--59ce3d4d-5c88-43a5-94bd-4582950d210f",
"ipv4-addr--59ce3d4d-5c88-43a5-94bd-4582950d210f",
"indicator--59ce3d4d-e0ec-43c4-bcd2-4594950d210f",
"indicator--59ce3d4e-8098-42f6-a666-49e5950d210f",
"observed-data--59ce3d4e-7f60-4b28-ba41-4d82950d210f",
"network-traffic--59ce3d4e-7f60-4b28-ba41-4d82950d210f",
"ipv4-addr--59ce3d4e-7f60-4b28-ba41-4d82950d210f",
"indicator--59ce3d4e-bb58-492b-8d35-49b3950d210f",
"indicator--59ce3d4f-814c-4b1f-ae8e-45c3950d210f",
"observed-data--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f",
"network-traffic--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f",
"ipv4-addr--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f",
"indicator--59ce3d4f-bb54-4ab9-966f-419a950d210f",
"indicator--59ce3d4f-f718-42b0-bb27-4fde950d210f",
"observed-data--59ce3d50-02a0-43b1-b595-4c94950d210f",
"network-traffic--59ce3d50-02a0-43b1-b595-4c94950d210f",
"ipv4-addr--59ce3d50-02a0-43b1-b595-4c94950d210f",
"indicator--59ce3d50-42ac-419c-bece-7894950d210f",
"indicator--59ce3d50-56d0-47f7-91e7-423d950d210f",
"observed-data--59ce3d51-f514-4eca-ba8b-1ec8950d210f",
"network-traffic--59ce3d51-f514-4eca-ba8b-1ec8950d210f",
"ipv4-addr--59ce3d51-f514-4eca-ba8b-1ec8950d210f",
"indicator--59ce3d52-c148-4d2a-b24a-4d54950d210f",
"indicator--59ce3d52-5ce8-4a47-85e4-4466950d210f",
"observed-data--59ce3d52-3264-409e-a9be-4b37950d210f",
"network-traffic--59ce3d52-3264-409e-a9be-4b37950d210f",
"ipv4-addr--59ce3d52-3264-409e-a9be-4b37950d210f",
"indicator--59ce3d52-5010-47aa-8ad9-79d1950d210f",
"indicator--59ce3d52-67e0-41a7-8d9d-45bc950d210f",
"observed-data--59ce3d53-9ba4-4945-ba62-7894950d210f",
"network-traffic--59ce3d53-9ba4-4945-ba62-7894950d210f",
"ipv4-addr--59ce3d53-9ba4-4945-ba62-7894950d210f",
"indicator--59ce3d53-7140-45a7-86a4-4ee5950d210f",
"indicator--59ce3d53-f85c-4c03-8436-4cd8950d210f",
"observed-data--59ce3d54-cfac-464a-9dba-78e4950d210f",
"network-traffic--59ce3d54-cfac-464a-9dba-78e4950d210f",
"ipv4-addr--59ce3d54-cfac-464a-9dba-78e4950d210f",
"indicator--59ce3d54-078c-454a-9937-4278950d210f",
"indicator--59ce3d54-fcfc-4559-89dd-1ec8950d210f",
"observed-data--59ce3d54-0080-41e7-8b09-4107950d210f",
"network-traffic--59ce3d54-0080-41e7-8b09-4107950d210f",
"ipv4-addr--59ce3d54-0080-41e7-8b09-4107950d210f",
"indicator--59ce3d55-7564-437a-afd0-459c950d210f",
"indicator--59ce3d55-5d10-4c30-8e8e-79d1950d210f",
"observed-data--59ce3d56-17f0-40d8-9b7b-4253950d210f",
"network-traffic--59ce3d56-17f0-40d8-9b7b-4253950d210f",
"ipv4-addr--59ce3d56-17f0-40d8-9b7b-4253950d210f",
"indicator--59ce3d56-fdd8-4405-9339-4a66950d210f",
"indicator--59ce3d56-45a4-4e53-8d79-4c29950d210f",
"observed-data--59ce3d56-1f5c-41a4-b410-430b950d210f",
"network-traffic--59ce3d56-1f5c-41a4-b410-430b950d210f",
"ipv4-addr--59ce3d56-1f5c-41a4-b410-430b950d210f",
"indicator--59ce3d56-f94c-468f-9ca1-78e4950d210f",
"indicator--59ce3d57-20a4-42f6-b0df-4945950d210f",
"observed-data--59ce3d57-b8d0-41ea-9559-4aa0950d210f",
"network-traffic--59ce3d57-b8d0-41ea-9559-4aa0950d210f",
"ipv4-addr--59ce3d57-b8d0-41ea-9559-4aa0950d210f",
"indicator--59ce3d58-5474-49af-95d7-4f94950d210f",
"indicator--59ce3d58-ca7c-42fc-a3f1-457e950d210f",
"observed-data--59ce3d58-97a8-478c-9d45-40dc950d210f",
"network-traffic--59ce3d58-97a8-478c-9d45-40dc950d210f",
"ipv4-addr--59ce3d58-97a8-478c-9d45-40dc950d210f",
"indicator--59ce3d58-240c-4ad8-a077-4482950d210f",
"indicator--59ce3d58-f8fc-44dd-8206-4df4950d210f",
"indicator--59ce3d59-0df4-4475-b081-45d9950d210f",
"indicator--59ce3d59-cdd0-41a6-bae1-453a950d210f",
"observed-data--59ce3d59-c1b8-46e5-ac1e-4493950d210f",
"network-traffic--59ce3d59-c1b8-46e5-ac1e-4493950d210f",
"ipv4-addr--59ce3d59-c1b8-46e5-ac1e-4493950d210f",
"indicator--59ce3d5a-ab40-4543-8ae6-1ec8950d210f",
"indicator--59ce3d5a-3e18-407f-847e-471a950d210f",
"indicator--59ce3d5a-bea0-4a46-988f-4d7f950d210f",
"indicator--59ce3d5a-414c-4ed8-859a-79d1950d210f",
"observed-data--59ce3d5b-26ec-4a13-acc3-4080950d210f",
"network-traffic--59ce3d5b-26ec-4a13-acc3-4080950d210f",
"ipv4-addr--59ce3d5b-26ec-4a13-acc3-4080950d210f",
"indicator--59ce3d5b-7738-4013-8d2e-483d950d210f",
"indicator--59ce3d5b-7850-4f54-baa0-7894950d210f",
"observed-data--59ce3d5c-5c90-4a90-88de-4679950d210f",
"network-traffic--59ce3d5c-5c90-4a90-88de-4679950d210f",
"ipv4-addr--59ce3d5c-5c90-4a90-88de-4679950d210f",
"indicator--59ce3d5c-ee44-4272-87fb-78e4950d210f",
"indicator--59ce3d5c-cc3c-4a6d-a8e9-7d97950d210f",
"observed-data--59ce3d5d-e938-4d54-a6c2-4c59950d210f",
"network-traffic--59ce3d5d-e938-4d54-a6c2-4c59950d210f",
"ipv4-addr--59ce3d5d-e938-4d54-a6c2-4c59950d210f",
"indicator--59ce3d5d-ecfc-477f-97a3-41b1950d210f",
"indicator--59ce3d5d-ffa8-45ad-94c2-4cee950d210f",
"observed-data--59ce3d5d-cecc-4708-871a-4307950d210f",
"network-traffic--59ce3d5d-cecc-4708-871a-4307950d210f",
"ipv4-addr--59ce3d5d-cecc-4708-871a-4307950d210f",
"indicator--59ce3d5e-6684-485c-86f1-4d81950d210f",
"indicator--59ce3d5e-4fec-4cc3-9dc0-4f01950d210f",
"observed-data--59ce3d5f-25b4-40b6-8f8f-4c84950d210f",
"network-traffic--59ce3d5f-25b4-40b6-8f8f-4c84950d210f",
"ipv4-addr--59ce3d5f-25b4-40b6-8f8f-4c84950d210f",
"indicator--59ce3d5f-c3ac-4f5c-bc73-43ac950d210f",
"indicator--59ce3d5f-3000-4644-8d22-4fe1950d210f",
"indicator--59ce3d61-7c24-4528-b490-4d71950d210f",
"indicator--59ce3d61-6834-4495-8065-4b41950d210f",
"observed-data--59ce3d62-b388-4836-b116-4865950d210f",
"network-traffic--59ce3d62-b388-4836-b116-4865950d210f",
"ipv4-addr--59ce3d62-b388-4836-b116-4865950d210f",
"indicator--59ce3d62-1910-4196-aada-4440950d210f",
"indicator--59ce3d62-fba8-4b04-a482-7894950d210f",
"observed-data--59ce3d62-a8b4-47f1-92f0-4bbf950d210f",
"network-traffic--59ce3d62-a8b4-47f1-92f0-4bbf950d210f",
"ipv4-addr--59ce3d62-a8b4-47f1-92f0-4bbf950d210f",
"indicator--59ce3d63-be88-42fe-9b6d-4f25950d210f",
"indicator--59ce3d63-2e78-4360-89e7-78e4950d210f",
"observed-data--59ce3d63-9224-4794-9e7c-1ec8950d210f",
"network-traffic--59ce3d63-9224-4794-9e7c-1ec8950d210f",
"ipv4-addr--59ce3d63-9224-4794-9e7c-1ec8950d210f",
"indicator--59ce3d63-6dac-4ea7-9df9-4153950d210f",
"indicator--59ce3d63-70b0-4e8f-a7c2-4f9f950d210f",
"observed-data--59ce3d64-4fe4-46fc-8684-4542950d210f",
"network-traffic--59ce3d64-4fe4-46fc-8684-4542950d210f",
"ipv4-addr--59ce3d64-4fe4-46fc-8684-4542950d210f",
"indicator--59ce3d64-3c34-43eb-b3a9-79d1950d210f",
"indicator--59ce3d64-7ebc-450f-a7dd-4cb2950d210f",
"observed-data--59ce3d64-ee44-4547-9edf-48ec950d210f",
"network-traffic--59ce3d64-ee44-4547-9edf-48ec950d210f",
"ipv4-addr--59ce3d64-ee44-4547-9edf-48ec950d210f",
"indicator--59ce3d65-17b0-4b2d-8564-7894950d210f",
"indicator--59ce3d65-a280-46cf-b7a8-49ac950d210f",
"observed-data--59ce3d65-799c-452a-a008-4880950d210f",
"network-traffic--59ce3d65-799c-452a-a008-4880950d210f",
"ipv4-addr--59ce3d65-799c-452a-a008-4880950d210f",
"indicator--59ce3d65-33b4-44f8-9348-78e4950d210f",
"indicator--59ce3d65-cc70-42ea-b5f2-7d97950d210f",
"observed-data--59ce3d67-e330-47b4-b7c7-42c9950d210f",
"network-traffic--59ce3d67-e330-47b4-b7c7-42c9950d210f",
"ipv4-addr--59ce3d67-e330-47b4-b7c7-42c9950d210f",
"indicator--59ce453b-8cf0-4048-8c89-483d02de0b81",
"indicator--59ce453b-0b50-4073-a430-423a02de0b81",
"observed-data--59ce453b-fc08-4ad9-ba66-45cd02de0b81",
"url--59ce453b-fc08-4ad9-ba66-45cd02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"Trick Bot\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d46-77a0-4c85-947a-4a58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[file:hashes.MD5 = '28770e17d1a6bffcaac19a1074b4c2b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d47-2868-470e-8996-79d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://afslearnenglish.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d47-9f44-4138-ac64-4b17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'afslearnenglish.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d47-2c78-475b-890e-4313950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d47-2c78-475b-890e-4313950d210f",
"ipv4-addr--59ce3d47-2c78-475b-890e-4313950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d47-2c78-475b-890e-4313950d210f",
"dst_ref": "ipv4-addr--59ce3d47-2c78-475b-890e-4313950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d47-2c78-475b-890e-4313950d210f",
"value": "80.93.208.248"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d47-731c-43a5-ae08-7894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://agregate-cariera.ro/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d48-7460-4977-8dfa-44a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'agregate-cariera.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d48-3d74-4c19-92f5-78e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d48-3d74-4c19-92f5-78e4950d210f",
"ipv4-addr--59ce3d48-3d74-4c19-92f5-78e4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d48-3d74-4c19-92f5-78e4950d210f",
"dst_ref": "ipv4-addr--59ce3d48-3d74-4c19-92f5-78e4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d48-3d74-4c19-92f5-78e4950d210f",
"value": "37.187.158.199"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d48-5510-4b3f-8dab-4167950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://agrourbis.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d48-d2a4-4c9e-aba0-7d97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'agrourbis.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d49-1128-4738-bbe4-444d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d49-1128-4738-bbe4-444d950d210f",
"ipv4-addr--59ce3d49-1128-4738-bbe4-444d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d49-1128-4738-bbe4-444d950d210f",
"dst_ref": "ipv4-addr--59ce3d49-1128-4738-bbe4-444d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d49-1128-4738-bbe4-444d950d210f",
"value": "86.109.170.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d49-fa64-4651-b4a0-4b51950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://alucmuhendislik.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d49-0c1c-4f57-8709-4c30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'alucmuhendislik.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d49-82d0-408d-be80-419b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d49-82d0-408d-be80-419b950d210f",
"ipv4-addr--59ce3d49-82d0-408d-be80-419b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d49-82d0-408d-be80-419b950d210f",
"dst_ref": "ipv4-addr--59ce3d49-82d0-408d-be80-419b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d49-82d0-408d-be80-419b950d210f",
"value": "185.85.205.9"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4a-907c-457d-88d4-4a2c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://auto-ecolecoccinelle.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4a-f074-4a42-ba88-4a0f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'auto-ecolecoccinelle.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d4a-a4a8-491e-860a-7894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d4a-a4a8-491e-860a-7894950d210f",
"ipv4-addr--59ce3d4a-a4a8-491e-860a-7894950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d4a-a4a8-491e-860a-7894950d210f",
"dst_ref": "ipv4-addr--59ce3d4a-a4a8-491e-860a-7894950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d4a-a4a8-491e-860a-7894950d210f",
"value": "193.227.248.241"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4a-ba0c-4bf8-b54d-4bff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://datenhaus.info/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4b-9264-47f6-be7b-45e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'datenhaus.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d4b-c184-4ff3-9bed-4697950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d4b-c184-4ff3-9bed-4697950d210f",
"ipv4-addr--59ce3d4b-c184-4ff3-9bed-4697950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d4b-c184-4ff3-9bed-4697950d210f",
"dst_ref": "ipv4-addr--59ce3d4b-c184-4ff3-9bed-4697950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d4b-c184-4ff3-9bed-4697950d210f",
"value": "85.214.205.231"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4b-8fe0-41fd-9e5b-1ec8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://estudiperceptiva.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4b-af24-4e89-b175-4036950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'estudiperceptiva.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4c-8330-4c16-b958-4439950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://ferienwohnung-schitter.at/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4c-c328-47bc-a843-4d3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'ferienwohnung-schitter.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f",
"ipv4-addr--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f",
"dst_ref": "ipv4-addr--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d4c-d56c-4fa4-aedb-4bc3950d210f",
"value": "217.172.186.114"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4d-dbd8-4165-bc83-4116950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://fortcollins-accounting.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4d-57d0-47ec-94c7-7894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'fortcollins-accounting.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d4d-5c88-43a5-94bd-4582950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d4d-5c88-43a5-94bd-4582950d210f",
"ipv4-addr--59ce3d4d-5c88-43a5-94bd-4582950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d4d-5c88-43a5-94bd-4582950d210f",
"dst_ref": "ipv4-addr--59ce3d4d-5c88-43a5-94bd-4582950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d4d-5c88-43a5-94bd-4582950d210f",
"value": "74.208.43.105"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4d-e0ec-43c4-bcd2-4594950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://hashigosha.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4e-8098-42f6-a666-49e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'hashigosha.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d4e-7f60-4b28-ba41-4d82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d4e-7f60-4b28-ba41-4d82950d210f",
"ipv4-addr--59ce3d4e-7f60-4b28-ba41-4d82950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d4e-7f60-4b28-ba41-4d82950d210f",
"dst_ref": "ipv4-addr--59ce3d4e-7f60-4b28-ba41-4d82950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d4e-7f60-4b28-ba41-4d82950d210f",
"value": "180.222.185.74"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4e-bb58-492b-8d35-49b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://ilnumeroverde.it/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4f-814c-4b1f-ae8e-45c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'ilnumeroverde.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"first_observed": "2017-09-29T13:06:01Z",
"last_observed": "2017-09-29T13:06:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f",
"ipv4-addr--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f",
"dst_ref": "ipv4-addr--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d4f-ddf8-4128-9ba1-4d2f950d210f",
"value": "85.235.130.50"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4f-bb54-4ab9-966f-419a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[url:value = 'http://kalorsystem.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d4f-f718-42b0-bb27-4fde950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:01.000Z",
"modified": "2017-09-29T13:06:01.000Z",
"pattern": "[domain-name:value = 'kalorsystem.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d50-02a0-43b1-b595-4c94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d50-02a0-43b1-b595-4c94950d210f",
"ipv4-addr--59ce3d50-02a0-43b1-b595-4c94950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d50-02a0-43b1-b595-4c94950d210f",
"dst_ref": "ipv4-addr--59ce3d50-02a0-43b1-b595-4c94950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d50-02a0-43b1-b595-4c94950d210f",
"value": "95.110.231.145"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d50-42ac-419c-bece-7894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://louisawong.net/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d50-56d0-47f7-91e7-423d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'louisawong.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d51-f514-4eca-ba8b-1ec8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d51-f514-4eca-ba8b-1ec8950d210f",
"ipv4-addr--59ce3d51-f514-4eca-ba8b-1ec8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d51-f514-4eca-ba8b-1ec8950d210f",
"dst_ref": "ipv4-addr--59ce3d51-f514-4eca-ba8b-1ec8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d51-f514-4eca-ba8b-1ec8950d210f",
"value": "123.242.230.63"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d52-c148-4d2a-b24a-4d54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://maule.biz/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d52-5ce8-4a47-85e4-4466950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'maule.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d52-3264-409e-a9be-4b37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d52-3264-409e-a9be-4b37950d210f",
"ipv4-addr--59ce3d52-3264-409e-a9be-4b37950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d52-3264-409e-a9be-4b37950d210f",
"dst_ref": "ipv4-addr--59ce3d52-3264-409e-a9be-4b37950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d52-3264-409e-a9be-4b37950d210f",
"value": "98.124.251.176"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d52-5010-47aa-8ad9-79d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://missinglynxsystems.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d52-67e0-41a7-8d9d-45bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'missinglynxsystems.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d53-9ba4-4945-ba62-7894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d53-9ba4-4945-ba62-7894950d210f",
"ipv4-addr--59ce3d53-9ba4-4945-ba62-7894950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d53-9ba4-4945-ba62-7894950d210f",
"dst_ref": "ipv4-addr--59ce3d53-9ba4-4945-ba62-7894950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d53-9ba4-4945-ba62-7894950d210f",
"value": "66.36.173.181"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d53-7140-45a7-86a4-4ee5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://mobius-group.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d53-f85c-4c03-8436-4cd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'mobius-group.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d54-cfac-464a-9dba-78e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d54-cfac-464a-9dba-78e4950d210f",
"ipv4-addr--59ce3d54-cfac-464a-9dba-78e4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d54-cfac-464a-9dba-78e4950d210f",
"dst_ref": "ipv4-addr--59ce3d54-cfac-464a-9dba-78e4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d54-cfac-464a-9dba-78e4950d210f",
"value": "176.56.62.143"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d54-078c-454a-9937-4278950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://monroepoa.org/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d54-fcfc-4559-89dd-1ec8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'monroepoa.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d54-0080-41e7-8b09-4107950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d54-0080-41e7-8b09-4107950d210f",
"ipv4-addr--59ce3d54-0080-41e7-8b09-4107950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d54-0080-41e7-8b09-4107950d210f",
"dst_ref": "ipv4-addr--59ce3d54-0080-41e7-8b09-4107950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d54-0080-41e7-8b09-4107950d210f",
"value": "65.44.220.64"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d55-7564-437a-afd0-459c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://monstermx.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d55-5d10-4c30-8e8e-79d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'monstermx.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d56-17f0-40d8-9b7b-4253950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d56-17f0-40d8-9b7b-4253950d210f",
"ipv4-addr--59ce3d56-17f0-40d8-9b7b-4253950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d56-17f0-40d8-9b7b-4253950d210f",
"dst_ref": "ipv4-addr--59ce3d56-17f0-40d8-9b7b-4253950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d56-17f0-40d8-9b7b-4253950d210f",
"value": "107.152.98.20"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d56-fdd8-4405-9339-4a66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://mueblesamedidamalaga.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d56-45a4-4e53-8d79-4c29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'mueblesamedidamalaga.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d56-1f5c-41a4-b410-430b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d56-1f5c-41a4-b410-430b950d210f",
"ipv4-addr--59ce3d56-1f5c-41a4-b410-430b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d56-1f5c-41a4-b410-430b950d210f",
"dst_ref": "ipv4-addr--59ce3d56-1f5c-41a4-b410-430b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d56-1f5c-41a4-b410-430b950d210f",
"value": "94.127.190.141"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d56-f94c-468f-9ca1-78e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://norsky.pt/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d57-20a4-42f6-b0df-4945950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'norsky.pt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d57-b8d0-41ea-9559-4aa0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d57-b8d0-41ea-9559-4aa0950d210f",
"ipv4-addr--59ce3d57-b8d0-41ea-9559-4aa0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d57-b8d0-41ea-9559-4aa0950d210f",
"dst_ref": "ipv4-addr--59ce3d57-b8d0-41ea-9559-4aa0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d57-b8d0-41ea-9559-4aa0950d210f",
"value": "109.71.42.24"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d58-5474-49af-95d7-4f94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://pagosdelrey.mobi/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d58-ca7c-42fc-a3f1-457e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'pagosdelrey.mobi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d58-97a8-478c-9d45-40dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d58-97a8-478c-9d45-40dc950d210f",
"ipv4-addr--59ce3d58-97a8-478c-9d45-40dc950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d58-97a8-478c-9d45-40dc950d210f",
"dst_ref": "ipv4-addr--59ce3d58-97a8-478c-9d45-40dc950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d58-97a8-478c-9d45-40dc950d210f",
"value": "5.2.27.27"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d58-240c-4ad8-a077-4482950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://parquetroman.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d58-f8fc-44dd-8206-4df4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'parquetroman.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d59-0df4-4475-b081-45d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://pinkyardflamingos.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d59-cdd0-41a6-bae1-453a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'pinkyardflamingos.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d59-c1b8-46e5-ac1e-4493950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d59-c1b8-46e5-ac1e-4493950d210f",
"ipv4-addr--59ce3d59-c1b8-46e5-ac1e-4493950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d59-c1b8-46e5-ac1e-4493950d210f",
"dst_ref": "ipv4-addr--59ce3d59-c1b8-46e5-ac1e-4493950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d59-c1b8-46e5-ac1e-4493950d210f",
"value": "66.36.163.144"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5a-ab40-4543-8ae6-1ec8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://profigera.pt/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5a-3e18-407f-847e-471a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'profigera.pt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5a-bea0-4a46-988f-4d7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://recturf.com.au/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5a-414c-4ed8-859a-79d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'recturf.com.au']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d5b-26ec-4a13-acc3-4080950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d5b-26ec-4a13-acc3-4080950d210f",
"ipv4-addr--59ce3d5b-26ec-4a13-acc3-4080950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d5b-26ec-4a13-acc3-4080950d210f",
"dst_ref": "ipv4-addr--59ce3d5b-26ec-4a13-acc3-4080950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d5b-26ec-4a13-acc3-4080950d210f",
"value": "103.236.163.40"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5b-7738-4013-8d2e-483d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://resortphotographics.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5b-7850-4f54-baa0-7894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'resortphotographics.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d5c-5c90-4a90-88de-4679950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d5c-5c90-4a90-88de-4679950d210f",
"ipv4-addr--59ce3d5c-5c90-4a90-88de-4679950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d5c-5c90-4a90-88de-4679950d210f",
"dst_ref": "ipv4-addr--59ce3d5c-5c90-4a90-88de-4679950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d5c-5c90-4a90-88de-4679950d210f",
"value": "68.171.62.61"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5c-ee44-4272-87fb-78e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://sgtenterprises.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5c-cc3c-4a6d-a8e9-7d97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'sgtenterprises.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d5d-e938-4d54-a6c2-4c59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d5d-e938-4d54-a6c2-4c59950d210f",
"ipv4-addr--59ce3d5d-e938-4d54-a6c2-4c59950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d5d-e938-4d54-a6c2-4c59950d210f",
"dst_ref": "ipv4-addr--59ce3d5d-e938-4d54-a6c2-4c59950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d5d-e938-4d54-a6c2-4c59950d210f",
"value": "66.36.163.197"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5d-ecfc-477f-97a3-41b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://shineindian.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5d-ffa8-45ad-94c2-4cee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'shineindian.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d5d-cecc-4708-871a-4307950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d5d-cecc-4708-871a-4307950d210f",
"ipv4-addr--59ce3d5d-cecc-4708-871a-4307950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d5d-cecc-4708-871a-4307950d210f",
"dst_ref": "ipv4-addr--59ce3d5d-cecc-4708-871a-4307950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d5d-cecc-4708-871a-4307950d210f",
"value": "95.173.189.226"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5e-6684-485c-86f1-4d81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://simonline.nl/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5e-4fec-4cc3-9dc0-4f01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'simonline.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d5f-25b4-40b6-8f8f-4c84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d5f-25b4-40b6-8f8f-4c84950d210f",
"ipv4-addr--59ce3d5f-25b4-40b6-8f8f-4c84950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d5f-25b4-40b6-8f8f-4c84950d210f",
"dst_ref": "ipv4-addr--59ce3d5f-25b4-40b6-8f8f-4c84950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d5f-25b4-40b6-8f8f-4c84950d210f",
"value": "46.235.44.91"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5f-c3ac-4f5c-bc73-43ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://somallc.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d5f-3000-4644-8d22-4fe1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'somallc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d61-7c24-4528-b490-4d71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://sunny-voices.de/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d61-6834-4495-8065-4b41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'sunny-voices.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d62-b388-4836-b116-4865950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d62-b388-4836-b116-4865950d210f",
"ipv4-addr--59ce3d62-b388-4836-b116-4865950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d62-b388-4836-b116-4865950d210f",
"dst_ref": "ipv4-addr--59ce3d62-b388-4836-b116-4865950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d62-b388-4836-b116-4865950d210f",
"value": "213.185.88.60"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d62-1910-4196-aada-4440950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://team-bobcat.org/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d62-fba8-4b04-a482-7894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'team-bobcat.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d62-a8b4-47f1-92f0-4bbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d62-a8b4-47f1-92f0-4bbf950d210f",
"ipv4-addr--59ce3d62-a8b4-47f1-92f0-4bbf950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d62-a8b4-47f1-92f0-4bbf950d210f",
"dst_ref": "ipv4-addr--59ce3d62-a8b4-47f1-92f0-4bbf950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d62-a8b4-47f1-92f0-4bbf950d210f",
"value": "212.224.65.254"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d63-be88-42fe-9b6d-4f25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://vincent-farben.de/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d63-2e78-4360-89e7-78e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'vincent-farben.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d63-9224-4794-9e7c-1ec8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d63-9224-4794-9e7c-1ec8950d210f",
"ipv4-addr--59ce3d63-9224-4794-9e7c-1ec8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d63-9224-4794-9e7c-1ec8950d210f",
"dst_ref": "ipv4-addr--59ce3d63-9224-4794-9e7c-1ec8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d63-9224-4794-9e7c-1ec8950d210f",
"value": "81.169.241.228"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d63-6dac-4ea7-9df9-4153950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://weloveflowers.co.uk/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d63-70b0-4e8f-a7c2-4f9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'weloveflowers.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d64-4fe4-46fc-8684-4542950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"first_observed": "2017-09-29T13:06:02Z",
"last_observed": "2017-09-29T13:06:02Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d64-4fe4-46fc-8684-4542950d210f",
"ipv4-addr--59ce3d64-4fe4-46fc-8684-4542950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d64-4fe4-46fc-8684-4542950d210f",
"dst_ref": "ipv4-addr--59ce3d64-4fe4-46fc-8684-4542950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d64-4fe4-46fc-8684-4542950d210f",
"value": "80.76.217.149"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d64-3c34-43eb-b3a9-79d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[url:value = 'http://wwwa.su/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d64-7ebc-450f-a7dd-4cb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:02.000Z",
"modified": "2017-09-29T13:06:02.000Z",
"pattern": "[domain-name:value = 'wwwa.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d64-ee44-4547-9edf-48ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"first_observed": "2017-09-29T13:06:03Z",
"last_observed": "2017-09-29T13:06:03Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d64-ee44-4547-9edf-48ec950d210f",
"ipv4-addr--59ce3d64-ee44-4547-9edf-48ec950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d64-ee44-4547-9edf-48ec950d210f",
"dst_ref": "ipv4-addr--59ce3d64-ee44-4547-9edf-48ec950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d64-ee44-4547-9edf-48ec950d210f",
"value": "89.253.236.149"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d65-17b0-4b2d-8564-7894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"pattern": "[url:value = 'http://zik-et-dance.com/voicemsg.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d65-a280-46cf-b7a8-49ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"pattern": "[domain-name:value = 'zik-et-dance.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d65-799c-452a-a008-4880950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"first_observed": "2017-09-29T13:06:03Z",
"last_observed": "2017-09-29T13:06:03Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d65-799c-452a-a008-4880950d210f",
"ipv4-addr--59ce3d65-799c-452a-a008-4880950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d65-799c-452a-a008-4880950d210f",
"dst_ref": "ipv4-addr--59ce3d65-799c-452a-a008-4880950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d65-799c-452a-a008-4880950d210f",
"value": "85.31.196.7"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d65-33b4-44f8-9348-78e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"pattern": "[url:value = 'http://moroplinghaptan.info/offjsjs/*']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce3d65-cc70-42ea-b5f2-7d97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"pattern": "[domain-name:value = 'moroplinghaptan.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce3d67-e330-47b4-b7c7-42c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"first_observed": "2017-09-29T13:06:03Z",
"last_observed": "2017-09-29T13:06:03Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59ce3d67-e330-47b4-b7c7-42c9950d210f",
"ipv4-addr--59ce3d67-e330-47b4-b7c7-42c9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59ce3d67-e330-47b4-b7c7-42c9950d210f",
"dst_ref": "ipv4-addr--59ce3d67-e330-47b4-b7c7-42c9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59ce3d67-e330-47b4-b7c7-42c9950d210f",
"value": "49.51.133.167"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce453b-8cf0-4048-8c89-483d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"description": "- Xchecked via VT: 28770e17d1a6bffcaac19a1074b4c2b5",
"pattern": "[file:hashes.SHA256 = '006d0ab2844e4df90109fc769cda49fa6eb8e7e033f8e81b60c1e345fb346560']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ce453b-0b50-4073-a430-423a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"description": "- Xchecked via VT: 28770e17d1a6bffcaac19a1074b4c2b5",
"pattern": "[file:hashes.SHA1 = 'f78e3e65207d0756e51ef17cdadd2692dc1b85e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-29T13:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59ce453b-fc08-4ad9-ba66-45cd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-29T13:06:03.000Z",
"modified": "2017-09-29T13:06:03.000Z",
"first_observed": "2017-09-29T13:06:03Z",
"last_observed": "2017-09-29T13:06:03Z",
"number_observed": 1,
"object_refs": [
"url--59ce453b-fc08-4ad9-ba66-45cd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59ce453b-fc08-4ad9-ba66-45cd02de0b81",
"value": "https://www.virustotal.com/file/006d0ab2844e4df90109fc769cda49fa6eb8e7e033f8e81b60c1e345fb346560/analysis/1506688460/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink