adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59c56158-c3e8-47e0-bc9f-4d02950d210f.json

2131 lines
84 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59c56158-c3e8-47e0-bc9f-4d02950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T11:40:06.000Z",
"modified": "2017-09-25T11:40:06.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59c56158-c3e8-47e0-bc9f-4d02950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T11:40:06.000Z",
"modified": "2017-09-25T11:40:06.000Z",
"name": "M2M - Locky 2017-09-18 : Affid=3, offline, \".ykcol\" : \"Message from KM_C224e\" - \"20171809_12345678901.7z\"",
"published": "2017-09-25T11:41:45Z",
"object_refs": [
"indicator--59c56159-7764-449b-9963-419b950d210f",
"indicator--59c56159-e064-4321-9401-1330950d210f",
"indicator--59c56159-0230-4b93-a251-440e950d210f",
"observed-data--59c5615a-f138-4100-89f9-d2d7950d210f",
"network-traffic--59c5615a-f138-4100-89f9-d2d7950d210f",
"ipv4-addr--59c5615a-f138-4100-89f9-d2d7950d210f",
"indicator--59c5615a-ff1c-4324-9856-7461950d210f",
"indicator--59c5615a-0114-4376-900a-44e6950d210f",
"observed-data--59c5615a-8050-4fce-bc9e-df79950d210f",
"network-traffic--59c5615a-8050-4fce-bc9e-df79950d210f",
"ipv4-addr--59c5615a-8050-4fce-bc9e-df79950d210f",
"indicator--59c5615b-575c-4bc4-8472-e0c7950d210f",
"indicator--59c5615b-5d40-48aa-a006-455d950d210f",
"indicator--59c5615b-1880-4a70-9d98-45a3950d210f",
"indicator--59c5615b-7b4c-43d1-9716-1330950d210f",
"observed-data--59c5615c-b3a0-4b01-b03f-495a950d210f",
"network-traffic--59c5615c-b3a0-4b01-b03f-495a950d210f",
"ipv4-addr--59c5615c-b3a0-4b01-b03f-495a950d210f",
"indicator--59c5615c-38a4-4bb4-a783-d2d7950d210f",
"indicator--59c5615c-9e78-4b9e-8ca9-7461950d210f",
"observed-data--59c5615d-86cc-4907-b85f-4a34950d210f",
"network-traffic--59c5615d-86cc-4907-b85f-4a34950d210f",
"ipv4-addr--59c5615d-86cc-4907-b85f-4a34950d210f",
"indicator--59c5615d-b0d8-4505-80fe-4d78950d210f",
"indicator--59c5615e-f678-4569-93bc-496e950d210f",
"observed-data--59c5615e-1688-4fa3-b6e8-4f25950d210f",
"network-traffic--59c5615e-1688-4fa3-b6e8-4f25950d210f",
"ipv4-addr--59c5615e-1688-4fa3-b6e8-4f25950d210f",
"indicator--59c5615e-bc50-41f7-9c8d-4990950d210f",
"indicator--59c5615e-7fa0-4974-b587-416d950d210f",
"observed-data--59c5615e-cfd8-4c51-a8be-7461950d210f",
"network-traffic--59c5615e-cfd8-4c51-a8be-7461950d210f",
"ipv4-addr--59c5615e-cfd8-4c51-a8be-7461950d210f",
"indicator--59c5615f-a198-419f-b56e-4111950d210f",
"indicator--59c5615f-a198-469c-a78c-e0d9950d210f",
"observed-data--59c5615f-34d0-4864-a2e8-e0c7950d210f",
"network-traffic--59c5615f-34d0-4864-a2e8-e0c7950d210f",
"ipv4-addr--59c5615f-34d0-4864-a2e8-e0c7950d210f",
"indicator--59c56160-c528-4170-b3f3-4b92950d210f",
"indicator--59c56160-99b8-479e-8020-49e9950d210f",
"observed-data--59c56160-559c-4f87-af7e-4d54950d210f",
"network-traffic--59c56160-559c-4f87-af7e-4d54950d210f",
"ipv4-addr--59c56160-559c-4f87-af7e-4d54950d210f",
"indicator--59c56160-e978-45d5-ba60-4752950d210f",
"indicator--59c56160-61d4-455d-b81c-4f57950d210f",
"observed-data--59c56161-1228-494e-933f-7461950d210f",
"network-traffic--59c56161-1228-494e-933f-7461950d210f",
"ipv4-addr--59c56161-1228-494e-933f-7461950d210f",
"indicator--59c56161-e414-4b5b-8960-4a7c950d210f",
"indicator--59c56161-90f0-4aea-be44-e0d9950d210f",
"observed-data--59c56162-8480-405b-ab9f-4361950d210f",
"network-traffic--59c56162-8480-405b-ab9f-4361950d210f",
"ipv4-addr--59c56162-8480-405b-ab9f-4361950d210f",
"indicator--59c56162-da70-4b24-81f0-45d5950d210f",
"indicator--59c56162-963c-47bd-ab91-4a08950d210f",
"observed-data--59c56162-74f4-45c1-b217-1330950d210f",
"network-traffic--59c56162-74f4-45c1-b217-1330950d210f",
"ipv4-addr--59c56162-74f4-45c1-b217-1330950d210f",
"indicator--59c56162-df34-4776-b12f-4dcf950d210f",
"indicator--59c56163-4dbc-4b86-b05b-40a5950d210f",
"indicator--59c56163-ac18-4167-9528-4483950d210f",
"indicator--59c56163-a0e4-4b86-b247-494b950d210f",
"observed-data--59c56164-ce44-4404-9bfc-4b07950d210f",
"network-traffic--59c56164-ce44-4404-9bfc-4b07950d210f",
"ipv4-addr--59c56164-ce44-4404-9bfc-4b07950d210f",
"indicator--59c56164-2958-4f7f-83f3-4a4e950d210f",
"indicator--59c56164-3868-4e53-89b2-4c13950d210f",
"observed-data--59c56165-ae98-4d0c-ac0b-45e1950d210f",
"network-traffic--59c56165-ae98-4d0c-ac0b-45e1950d210f",
"ipv4-addr--59c56165-ae98-4d0c-ac0b-45e1950d210f",
"indicator--59c56165-4694-45b3-be9a-4d7f950d210f",
"indicator--59c56165-f4f4-4658-8dd1-d2d7950d210f",
"observed-data--59c56165-775c-46f2-9568-4dca950d210f",
"network-traffic--59c56165-775c-46f2-9568-4dca950d210f",
"ipv4-addr--59c56165-775c-46f2-9568-4dca950d210f",
"indicator--59c56165-babc-4ade-b117-4537950d210f",
"indicator--59c56166-985c-45d7-b2ac-e0d9950d210f",
"observed-data--59c56166-1998-43a0-a378-e0c7950d210f",
"network-traffic--59c56166-1998-43a0-a378-e0c7950d210f",
"ipv4-addr--59c56166-1998-43a0-a378-e0c7950d210f",
"indicator--59c56166-1b10-4b84-a294-4843950d210f",
"indicator--59c56166-b718-49da-a066-48be950d210f",
"indicator--59c56167-6550-4e7f-954c-1330950d210f",
"indicator--59c56167-c3f4-48fa-91b2-4e61950d210f",
"observed-data--59c56167-6c0c-4802-845a-49af950d210f",
"network-traffic--59c56167-6c0c-4802-845a-49af950d210f",
"ipv4-addr--59c56167-6c0c-4802-845a-49af950d210f",
"indicator--59c56168-3130-4a31-bc46-436b950d210f",
"indicator--59c56168-5ec4-4f35-93bb-4e6b950d210f",
"indicator--59c56168-22dc-478f-83d6-43d7950d210f",
"indicator--59c56168-f32c-455b-a308-4c81950d210f",
"indicator--59c56169-0a70-45ee-afbd-4abb950d210f",
"indicator--59c56169-8078-459b-99cf-1330950d210f",
"indicator--59c56169-f930-4c95-92bc-4172950d210f",
"indicator--59c56169-4e58-45f9-afc1-d2d7950d210f",
"indicator--59c56169-6290-4822-9e2f-44bf950d210f",
"indicator--59c5616a-2d00-49f7-bec9-4ce1950d210f",
"indicator--59c5616a-0b5c-427e-a3d6-df79950d210f",
"indicator--59c5616a-aa2c-4f28-8f25-e0c7950d210f",
"indicator--59c5616b-5414-4c42-8a79-4b11950d210f",
"indicator--59c5616b-babc-44eb-a875-489d950d210f",
"indicator--59c5616b-1758-4e87-aaa3-4c3e950d210f",
"indicator--59c5616b-4fa8-4a9f-b55c-4be9950d210f",
"indicator--59c5616b-af80-4350-93fb-d2d7950d210f",
"indicator--59c5616c-00d0-4301-b7ac-7461950d210f",
"indicator--59c5616c-e944-4b11-a3bf-4be1950d210f",
"indicator--59c5616c-d59c-4be4-ba10-4945950d210f",
"indicator--59c56273-5d74-4c34-8c0e-4bb902de0b81",
"indicator--59c56273-06dc-4df9-a984-42d002de0b81",
"observed-data--59c56273-50b4-4811-9106-42e102de0b81",
"url--59c56273-50b4-4811-9106-42e102de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56159-7764-449b-9963-419b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[file:hashes.MD5 = 'c6475a9b90dccea03d93dedf00eac5ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56159-e064-4321-9401-1330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://accountingservices.apec.org/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56159-0230-4b93-a251-440e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'accountingservices.apec.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c5615a-f138-4100-89f9-d2d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c5615a-f138-4100-89f9-d2d7950d210f",
"ipv4-addr--59c5615a-f138-4100-89f9-d2d7950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c5615a-f138-4100-89f9-d2d7950d210f",
"dst_ref": "ipv4-addr--59c5615a-f138-4100-89f9-d2d7950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c5615a-f138-4100-89f9-d2d7950d210f",
"value": "123.100.239.53"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615a-ff1c-4324-9856-7461950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://autoecoleeurope.com/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615a-0114-4376-900a-44e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'autoecoleeurope.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c5615a-8050-4fce-bc9e-df79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c5615a-8050-4fce-bc9e-df79950d210f",
"ipv4-addr--59c5615a-8050-4fce-bc9e-df79950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c5615a-8050-4fce-bc9e-df79950d210f",
"dst_ref": "ipv4-addr--59c5615a-8050-4fce-bc9e-df79950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c5615a-8050-4fce-bc9e-df79950d210f",
"value": "193.227.248.241"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615b-575c-4bc4-8472-e0c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://autoecolekim95.com/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615b-5d40-48aa-a006-455d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'autoecolekim95.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615b-1880-4a70-9d98-45a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://cornyproposals.com/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615b-7b4c-43d1-9716-1330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'cornyproposals.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c5615c-b3a0-4b01-b03f-495a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c5615c-b3a0-4b01-b03f-495a950d210f",
"ipv4-addr--59c5615c-b3a0-4b01-b03f-495a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c5615c-b3a0-4b01-b03f-495a950d210f",
"dst_ref": "ipv4-addr--59c5615c-b3a0-4b01-b03f-495a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c5615c-b3a0-4b01-b03f-495a950d210f",
"value": "184.168.111.139"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615c-38a4-4bb4-a783-d2d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://demopowerindo.com/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615c-9e78-4b9e-8ca9-7461950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'demopowerindo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c5615d-86cc-4907-b85f-4a34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c5615d-86cc-4907-b85f-4a34950d210f",
"ipv4-addr--59c5615d-86cc-4907-b85f-4a34950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c5615d-86cc-4907-b85f-4a34950d210f",
"dst_ref": "ipv4-addr--59c5615d-86cc-4907-b85f-4a34950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c5615d-86cc-4907-b85f-4a34950d210f",
"value": "202.169.44.167"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615d-b0d8-4505-80fe-4d78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://dmlex.adlino.be/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615e-f678-4569-93bc-496e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'dmlex.adlino.be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c5615e-1688-4fa3-b6e8-4f25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c5615e-1688-4fa3-b6e8-4f25950d210f",
"ipv4-addr--59c5615e-1688-4fa3-b6e8-4f25950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c5615e-1688-4fa3-b6e8-4f25950d210f",
"dst_ref": "ipv4-addr--59c5615e-1688-4fa3-b6e8-4f25950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c5615e-1688-4fa3-b6e8-4f25950d210f",
"value": "91.121.110.23"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615e-bc50-41f7-9c8d-4990950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://eurecas.org/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615e-7fa0-4974-b587-416d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'eurecas.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c5615e-cfd8-4c51-a8be-7461950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c5615e-cfd8-4c51-a8be-7461950d210f",
"ipv4-addr--59c5615e-cfd8-4c51-a8be-7461950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c5615e-cfd8-4c51-a8be-7461950d210f",
"dst_ref": "ipv4-addr--59c5615e-cfd8-4c51-a8be-7461950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c5615e-cfd8-4c51-a8be-7461950d210f",
"value": "185.58.7.11"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615f-a198-419f-b56e-4111950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://georginabringas.com/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5615f-a198-469c-a78c-e0d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'georginabringas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c5615f-34d0-4864-a2e8-e0c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c5615f-34d0-4864-a2e8-e0c7950d210f",
"ipv4-addr--59c5615f-34d0-4864-a2e8-e0c7950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c5615f-34d0-4864-a2e8-e0c7950d210f",
"dst_ref": "ipv4-addr--59c5615f-34d0-4864-a2e8-e0c7950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c5615f-34d0-4864-a2e8-e0c7950d210f",
"value": "40.76.209.29"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56160-c528-4170-b3f3-4b92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://lasdamas.com/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56160-99b8-479e-8020-49e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'lasdamas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56160-559c-4f87-af7e-4d54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56160-559c-4f87-af7e-4d54950d210f",
"ipv4-addr--59c56160-559c-4f87-af7e-4d54950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56160-559c-4f87-af7e-4d54950d210f",
"dst_ref": "ipv4-addr--59c56160-559c-4f87-af7e-4d54950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56160-559c-4f87-af7e-4d54950d210f",
"value": "66.84.21.227"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56160-e978-45d5-ba60-4752950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://montecortelhas.com/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56160-61d4-455d-b81c-4f57950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'montecortelhas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56161-1228-494e-933f-7461950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56161-1228-494e-933f-7461950d210f",
"ipv4-addr--59c56161-1228-494e-933f-7461950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56161-1228-494e-933f-7461950d210f",
"dst_ref": "ipv4-addr--59c56161-1228-494e-933f-7461950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56161-1228-494e-933f-7461950d210f",
"value": "80.172.241.21"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56161-e414-4b5b-8960-4a7c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://petromarket.ir/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56161-90f0-4aea-be44-e0d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'petromarket.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56162-8480-405b-ab9f-4361950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56162-8480-405b-ab9f-4361950d210f",
"ipv4-addr--59c56162-8480-405b-ab9f-4361950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56162-8480-405b-ab9f-4361950d210f",
"dst_ref": "ipv4-addr--59c56162-8480-405b-ab9f-4361950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56162-8480-405b-ab9f-4361950d210f",
"value": "198.50.119.188"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56162-da70-4b24-81f0-45d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://pnkparamount.com/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56162-963c-47bd-ab91-4a08950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'pnkparamount.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56162-74f4-45c1-b217-1330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56162-74f4-45c1-b217-1330950d210f",
"ipv4-addr--59c56162-74f4-45c1-b217-1330950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56162-74f4-45c1-b217-1330950d210f",
"dst_ref": "ipv4-addr--59c56162-74f4-45c1-b217-1330950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56162-74f4-45c1-b217-1330950d210f",
"value": "66.135.55.8"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56162-df34-4776-b12f-4dcf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://targeter.su/p66/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56163-4dbc-4b86-b05b-40a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'targeter.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56163-ac18-4167-9528-4483950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://v-chords.de/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56163-a0e4-4b86-b247-494b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'v-chords.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56164-ce44-4404-9bfc-4b07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56164-ce44-4404-9bfc-4b07950d210f",
"ipv4-addr--59c56164-ce44-4404-9bfc-4b07950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56164-ce44-4404-9bfc-4b07950d210f",
"dst_ref": "ipv4-addr--59c56164-ce44-4404-9bfc-4b07950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56164-ce44-4404-9bfc-4b07950d210f",
"value": "85.214.62.160"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56164-2958-4f7f-83f3-4a4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://walkama.net/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56164-3868-4e53-89b2-4c13950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[domain-name:value = 'walkama.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56165-ae98-4d0c-ac0b-45e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"first_observed": "2017-09-22T19:20:18Z",
"last_observed": "2017-09-22T19:20:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56165-ae98-4d0c-ac0b-45e1950d210f",
"ipv4-addr--59c56165-ae98-4d0c-ac0b-45e1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56165-ae98-4d0c-ac0b-45e1950d210f",
"dst_ref": "ipv4-addr--59c56165-ae98-4d0c-ac0b-45e1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56165-ae98-4d0c-ac0b-45e1950d210f",
"value": "91.192.194.102"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56165-4694-45b3-be9a-4d7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"pattern": "[url:value = 'http://wenger-werkzeugbau.de/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56165-f4f4-4658-8dd1-d2d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'wenger-werkzeugbau.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56165-775c-46f2-9568-4dca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"first_observed": "2017-09-22T19:20:18Z",
"last_observed": "2017-09-22T19:20:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56165-775c-46f2-9568-4dca950d210f",
"ipv4-addr--59c56165-775c-46f2-9568-4dca950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56165-775c-46f2-9568-4dca950d210f",
"dst_ref": "ipv4-addr--59c56165-775c-46f2-9568-4dca950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56165-775c-46f2-9568-4dca950d210f",
"value": "87.230.17.247"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56165-babc-4ade-b117-4537950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://wiskundebijles.nu/DKndhFG72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56166-985c-45d7-b2ac-e0d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'wiskundebijles.nu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56166-1998-43a0-a378-e0c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"first_observed": "2017-09-22T19:20:18Z",
"last_observed": "2017-09-22T19:20:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56166-1998-43a0-a378-e0c7950d210f",
"ipv4-addr--59c56166-1998-43a0-a378-e0c7950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56166-1998-43a0-a378-e0c7950d210f",
"dst_ref": "ipv4-addr--59c56166-1998-43a0-a378-e0c7950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56166-1998-43a0-a378-e0c7950d210f",
"value": "37.48.73.139"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56166-1b10-4b84-a294-4843950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://plbdykyhfysuemla.biz/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56166-b718-49da-a066-48be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'plbdykyhfysuemla.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56167-6550-4e7f-954c-1330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://binkdxdjmnimvu.xyz/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56167-c3f4-48fa-91b2-4e61950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'binkdxdjmnimvu.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56167-6c0c-4802-845a-49af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"first_observed": "2017-09-22T19:20:18Z",
"last_observed": "2017-09-22T19:20:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c56167-6c0c-4802-845a-49af950d210f",
"ipv4-addr--59c56167-6c0c-4802-845a-49af950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c56167-6c0c-4802-845a-49af950d210f",
"dst_ref": "ipv4-addr--59c56167-6c0c-4802-845a-49af950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c56167-6c0c-4802-845a-49af950d210f",
"value": "192.42.116.41"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56168-3130-4a31-bc46-436b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://jkvjaco.org/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56168-5ec4-4f35-93bb-4e6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'jkvjaco.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56168-22dc-478f-83d6-43d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://butylctatr.org/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56168-f32c-455b-a308-4c81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'butylctatr.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56169-0a70-45ee-afbd-4abb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://dsmlskae.su/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56169-8078-459b-99cf-1330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'dsmlskae.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56169-f930-4c95-92bc-4172950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://ybxjwcxwdkdfii.su/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56169-4e58-45f9-afc1-d2d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'ybxjwcxwdkdfii.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56169-6290-4822-9e2f-44bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://lpnwxhtui.click/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616a-2d00-49f7-bec9-4ce1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'lpnwxhtui.click']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616a-0b5c-427e-a3d6-df79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://ibwudico.su/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616a-aa2c-4f28-8f25-e0c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'ibwudico.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616b-5414-4c42-8a79-4b11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://gnxvwwpwjadctwm.click/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616b-babc-44eb-a875-489d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'gnxvwwpwjadctwm.click']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616b-1758-4e87-aaa3-4c3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://symfensvoh.org/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616b-4fa8-4a9f-b55c-4be9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'symfensvoh.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616b-af80-4350-93fb-d2d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://sckodbf.biz/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616c-00d0-4301-b7ac-7461950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'sckodbf.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616c-e944-4b11-a3bf-4be1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[url:value = 'http://yjqfggabiym.pl/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c5616c-d59c-4be4-ba10-4945950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:18.000Z",
"modified": "2017-09-22T19:20:18.000Z",
"pattern": "[domain-name:value = 'yjqfggabiym.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56273-5d74-4c34-8c0e-4bb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"description": "- Xchecked via VT: c6475a9b90dccea03d93dedf00eac5ee",
"pattern": "[file:hashes.SHA256 = '8bf303dda84a1e0552f98370dd5dbfdf127d7ec9b5caab948874a897771ce142']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c56273-06dc-4df9-a984-42d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"description": "- Xchecked via VT: c6475a9b90dccea03d93dedf00eac5ee",
"pattern": "[file:hashes.SHA1 = 'b7afbe3c25fa4a147b32fa37b71c95ff089489e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-22T19:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c56273-50b4-4811-9106-42e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-22T19:20:19.000Z",
"modified": "2017-09-22T19:20:19.000Z",
"first_observed": "2017-09-22T19:20:19Z",
"last_observed": "2017-09-22T19:20:19Z",
"number_observed": 1,
"object_refs": [
"url--59c56273-50b4-4811-9106-42e102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59c56273-50b4-4811-9106-42e102de0b81",
"value": "https://www.virustotal.com/file/8bf303dda84a1e0552f98370dd5dbfdf127d7ec9b5caab948874a897771ce142/analysis/1506055266/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink