misp-circl-feed/feeds/circl/stix-2.1/59c8f958-be58-46da-8a21-4c5f950d210f.json

{
"type": "bundle",
"id": "bundle--59c8f958-be58-46da-8a21-4c5f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:58:00.000Z",
"modified": "2017-09-25T12:58:00.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59c8f958-be58-46da-8a21-4c5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:58:00.000Z",
"modified": "2017-09-25T12:58:00.000Z",
"name": "M2M - Locky 2017-09-25 : Affid=3, offline, \".ykcol\" : \"Message from 02087654321\" - \"Voice Message.7z\"",
"published": "2017-09-25T12:58:05Z",
"object_refs": [
"indicator--59c8f959-ac8c-4e13-936e-9b1f950d210f",
"indicator--59c8f959-481c-4f85-a01f-4dd9950d210f",
"indicator--59c8f959-cd48-45c3-8d58-4c5f950d210f",
"indicator--59c8f977-c8b4-4c61-ba89-4c64950d210f",
"indicator--59c8f978-11f8-4997-8f83-4d7e950d210f",
"observed-data--59c8f978-9e6c-4301-9e45-4ad5950d210f",
"network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f",
"ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f",
"indicator--59c8f978-e850-40fd-85eb-9dc2950d210f",
"indicator--59c8f978-557c-42cb-8552-4dd6950d210f",
"observed-data--59c8f979-6138-4c7c-9cbc-4137950d210f",
"network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f",
"ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f",
"indicator--59c8f979-2bec-4e95-9bee-4bf6950d210f",
"indicator--59c8f979-e378-452d-9637-408a950d210f",
"observed-data--59c8f979-1298-4b34-a5e9-4c2f950d210f",
"network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f",
"ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f",
"indicator--59c8f97a-7670-41df-976e-4c5f950d210f",
"indicator--59c8f97a-7130-4898-874b-9dc2950d210f",
"observed-data--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
"network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
"ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
"indicator--59c8f97c-cc4c-44b9-a834-4c2f950d210f",
"indicator--59c8f97c-450c-41b9-b8f9-9b1f950d210f",
"observed-data--59c8f97c-07cc-4b9d-b850-4214950d210f",
"network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f",
"ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f",
"indicator--59c8f97d-28d0-4993-bb4b-42ad950d210f",
"indicator--59c8f97d-4d8c-4f56-94c2-45f8950d210f",
"observed-data--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
"network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
"ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
"indicator--59c8f97d-7e08-4283-a747-4bf6950d210f",
"indicator--59c8f97e-e30c-41cd-926e-4678950d210f",
"observed-data--59c8f97e-8c5c-495e-b382-9b1f950d210f",
"network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f",
"ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f",
"indicator--59c8f97e-e88c-4032-849d-4c5f950d210f",
"indicator--59c8f97e-2678-46af-8143-9dc2950d210f",
"observed-data--59c8f97f-1d84-4154-b141-9b8f950d210f",
"network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f",
"ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f",
"indicator--59c8f980-4d24-4b52-a6b8-45dd950d210f",
"indicator--59c8f980-1a10-449c-8ff4-4db4950d210f",
"observed-data--59c8f980-3d88-4246-80ef-4f5e950d210f",
"network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f",
"ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f",
"indicator--59c8f980-130c-4261-ade3-454a950d210f",
"indicator--59c8f980-2a50-4b1a-8267-9dc2950d210f",
"observed-data--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"indicator--59c8f981-d878-4b0d-8f17-4075950d210f",
"indicator--59c8f981-1400-44b1-b1ed-4df4950d210f",
"observed-data--59c8f981-0550-4d85-b6e3-44da950d210f",
"network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f",
"ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f",
"indicator--59c8f982-981c-4dbb-a0e5-4797950d210f",
"indicator--59c8f982-7b54-4776-921a-9dc2950d210f",
"indicator--59c8f988-7a04-42bb-a64e-4241950d210f",
"indicator--59c8f989-aeec-4911-a6f0-4f1a950d210f",
"observed-data--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"indicator--59c8fcfd-834c-42e6-862e-403d02de0b81",
"indicator--59c8fcfd-39fc-469c-bdaf-4d5802de0b81",
"observed-data--59c8fcfd-6024-4980-ba2c-4fe102de0b81",
"url--59c8fcfd-6024-4980-ba2c-4fe102de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f959-ac8c-4e13-936e-9b1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[file:hashes.MD5 = '8dbdd9122dadc54f21747cc4f0ab267c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f959-481c-4f85-a01f-4dd9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://artplast.uz/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f959-cd48-45c3-8d58-4c5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'artplast.uz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f977-c8b4-4c61-ba89-4c64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://asesoreszapico.com/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f978-11f8-4997-8f83-4d7e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'asesoreszapico.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f978-9e6c-4301-9e45-4ad5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f",
"ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f",
"dst_ref": "ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f",
"value": "212.89.16.142"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f978-e850-40fd-85eb-9dc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://asheardontheradiogreens.com/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f978-557c-42cb-8552-4dd6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'asheardontheradiogreens.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f979-6138-4c7c-9cbc-4137950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f",
"ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f",
"dst_ref": "ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f",
"value": "199.30.241.139"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f979-2bec-4e95-9bee-4bf6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://audio-pa-service.de/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f979-e378-452d-9637-408a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'audio-pa-service.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f979-1298-4b34-a5e9-4c2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f",
"ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f",
"dst_ref": "ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f",
"value": "81.169.244.233"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97a-7670-41df-976e-4c5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://augsburger-maerchentheater.de/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97a-7130-4898-874b-9dc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'augsburger-maerchentheater.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
"ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
"dst_ref": "ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
"value": "94.102.214.231"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97c-cc4c-44b9-a834-4c2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://auto-ecole-prudence.com/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97c-450c-41b9-b8f9-9b1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'auto-ecole-prudence.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f97c-07cc-4b9d-b850-4214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f",
"ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f",
"dst_ref": "ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f",
"value": "193.227.248.247"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97d-28d0-4993-bb4b-42ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://automattenonline.com/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97d-4d8c-4f56-94c2-45f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'automattenonline.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
"ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
"dst_ref": "ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
"value": "149.210.129.109"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97d-7e08-4283-a747-4bf6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://awoodshop.net/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97e-e30c-41cd-926e-4678950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'awoodshop.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f97e-8c5c-495e-b382-9b1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f",
"ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f",
"dst_ref": "ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f",
"value": "72.32.177.50"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97e-e88c-4032-849d-4c5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://azimuth.com.pt/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f97e-2678-46af-8143-9dc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'azimuth.com.pt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f97f-1d84-4154-b141-9b8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f",
"ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f",
"dst_ref": "ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f",
"value": "80.172.241.36"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f980-4d24-4b52-a6b8-45dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://baburkuyumculuk.com/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f980-1a10-449c-8ff4-4db4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'baburkuyumculuk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f980-3d88-4246-80ef-4f5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f",
"ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f",
"dst_ref": "ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f",
"value": "213.142.143.191"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f980-130c-4261-ade3-454a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://bagnolipisa.it/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f980-2a50-4b1a-8267-9dc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'bagnolipisa.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"dst_ref": "ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"value": "77.72.25.23"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f981-d878-4b0d-8f17-4075950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://barberomudanzas.com/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f981-1400-44b1-b1ed-4df4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'barberomudanzas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f981-0550-4d85-b6e3-44da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f",
"ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f",
"dst_ref": "ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f",
"value": "188.93.75.198"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f982-981c-4dbb-a0e5-4797950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:28.000Z",
"modified": "2017-09-25T12:56:28.000Z",
"pattern": "[url:value = 'http://bor.uz/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f982-7b54-4776-921a-9dc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'bor.uz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f988-7a04-42bb-a64e-4241950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:28.000Z",
"modified": "2017-09-25T12:56:28.000Z",
"pattern": "[url:value = 'http://tertrodefordown.info/af/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f989-aeec-4911-a6f0-4f1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:28.000Z",
"modified": "2017-09-25T12:56:28.000Z",
"pattern": "[domain-name:value = 'tertrodefordown.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:28.000Z",
"modified": "2017-09-25T12:56:28.000Z",
"first_observed": "2017-09-25T12:56:28Z",
"last_observed": "2017-09-25T12:56:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"dst_ref": "ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"value": "49.51.36.73"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8fcfd-834c-42e6-862e-403d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"description": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c",
"pattern": "[file:hashes.SHA256 = 'b86a830769fcfd54201495353c5ab8931f7ca796ef54a2219a04b9e7cb7d2a7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8fcfd-39fc-469c-bdaf-4d5802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"description": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c",
"pattern": "[file:hashes.SHA1 = '7f07f3b5ba830d55822f75836f0bbbe0ef579256']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8fcfd-6024-4980-ba2c-4fe102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"url--59c8fcfd-6024-4980-ba2c-4fe102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59c8fcfd-6024-4980-ba2c-4fe102de0b81",
"value": "https://www.virustotal.com/file/b86a830769fcfd54201495353c5ab8931f7ca796ef54a2219a04b9e7cb7d2a7a/analysis/1506338916/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}