misp-circl-feed/feeds/circl/stix-2.1/5a044ec0-f460-4e39-921e-cda3950d210f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5a044ec0-f460-4e39-921e-cda3950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:06:37.000Z",
"modified": "2017-11-09T20:06:37.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a044ec0-f460-4e39-921e-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:06:37.000Z",
"modified": "2017-11-09T20:06:37.000Z",
"name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-11-01 : \"Invoice\" - \"12345_Invoice.doc\"",
"context": "suspicious-activity",
"object_refs": [
"indicator--5a044ec2-4aac-4839-ac9f-717b950d210f",
"indicator--5a044ec2-1edc-48ad-bf31-cd35950d210f",
"indicator--5a044ec2-921c-4007-9857-4ab6950d210f",
"indicator--5a044ec2-a6ac-48db-9608-cdb4950d210f",
"indicator--5a044ec3-d960-48d0-a2b8-429f950d210f",
"observed-data--5a044ec4-f87c-4b99-b7a5-cc6f950d210f",
"network-traffic--5a044ec4-f87c-4b99-b7a5-cc6f950d210f",
"ipv4-addr--5a044ec4-f87c-4b99-b7a5-cc6f950d210f",
"indicator--5a044ec4-ffe4-4b1a-8101-cdab950d210f",
"indicator--5a044ec4-9820-4356-ad87-4661950d210f",
"observed-data--5a044ec6-37f0-4d22-8c85-4c47950d210f",
"network-traffic--5a044ec6-37f0-4d22-8c85-4c47950d210f",
"ipv4-addr--5a044ec6-37f0-4d22-8c85-4c47950d210f",
"indicator--5a044ec6-353c-4c68-a3b2-49bc950d210f",
"indicator--5a044ec6-ab84-4b85-b123-717b950d210f",
"observed-data--5a044ec7-19ac-4bec-b7ed-4e9f950d210f",
"network-traffic--5a044ec7-19ac-4bec-b7ed-4e9f950d210f",
"ipv4-addr--5a044ec7-19ac-4bec-b7ed-4e9f950d210f",
"indicator--5a044ec7-6948-4904-bb94-75a9950d210f",
"indicator--5a044ec7-adb4-4bfe-99ef-4ce6950d210f",
"observed-data--5a044ec8-a4d4-41f3-91c3-4946950d210f",
"network-traffic--5a044ec8-a4d4-41f3-91c3-4946950d210f",
"ipv4-addr--5a044ec8-a4d4-41f3-91c3-4946950d210f",
"indicator--5a044ec8-98a8-4dae-807d-991b950d210f",
"indicator--5a044ec8-6e88-492b-b465-cd7d950d210f",
"observed-data--5a044ec8-560c-4c98-a799-cd35950d210f",
"network-traffic--5a044ec8-560c-4c98-a799-cd35950d210f",
"ipv4-addr--5a044ec8-560c-4c98-a799-cd35950d210f",
"indicator--5a044ec9-2674-4c92-973b-2214950d210f",
"indicator--5a044ec9-01e4-4eb9-981e-4eba950d210f",
"observed-data--5a044eca-e554-4590-8358-4c28950d210f",
"network-traffic--5a044eca-e554-4590-8358-4c28950d210f",
"ipv4-addr--5a044eca-e554-4590-8358-4c28950d210f",
"indicator--5a044eca-9580-4921-bcd1-cd7d950d210f",
"indicator--5a044eca-20e4-4db6-8816-717b950d210f",
"observed-data--5a044ecb-ce04-4144-bd4c-4d45950d210f",
"network-traffic--5a044ecb-ce04-4144-bd4c-4d45950d210f",
"ipv4-addr--5a044ecb-ce04-4144-bd4c-4d45950d210f",
"indicator--5a044ecb-6658-4a5c-8d08-4021950d210f",
"indicator--5a044ecb-a790-4494-8965-cdb4950d210f",
"observed-data--5a044ecb-36f0-43d5-970c-2214950d210f",
"network-traffic--5a044ecb-36f0-43d5-970c-2214950d210f",
"ipv4-addr--5a044ecb-36f0-43d5-970c-2214950d210f",
"indicator--5a044ecc-3428-481d-96b6-44f1950d210f",
"indicator--5a044ecc-f998-4ea3-b12d-cdb1950d210f",
"observed-data--5a044ecc-808c-437a-9c38-cc6f950d210f",
"network-traffic--5a044ecc-808c-437a-9c38-cc6f950d210f",
"ipv4-addr--5a044ecc-808c-437a-9c38-cc6f950d210f",
"indicator--5a044ecc-13d8-4f6e-96fa-cdab950d210f",
"indicator--5a044ecd-080c-412a-a7a6-400a950d210f",
"observed-data--5a044ecd-d81c-4ce0-86f7-4777950d210f",
"network-traffic--5a044ecd-d81c-4ce0-86f7-4777950d210f",
"ipv4-addr--5a044ecd-d81c-4ce0-86f7-4777950d210f",
"indicator--5a044ecd-0f68-4015-a3d0-20a6950d210f",
"indicator--5a044ecd-09dc-4877-82e5-424c950d210f",
"observed-data--5a044ece-540c-4253-8932-cdb1950d210f",
"network-traffic--5a044ece-540c-4253-8932-cdb1950d210f",
"ipv4-addr--5a044ece-540c-4253-8932-cdb1950d210f",
"indicator--5a044ece-2410-4c72-8770-4694950d210f",
"indicator--5a044ece-e60c-4808-8a9c-4c53950d210f",
"observed-data--5a044ecf-8a70-4600-8324-cdab950d210f",
"network-traffic--5a044ecf-8a70-4600-8324-cdab950d210f",
"ipv4-addr--5a044ecf-8a70-4600-8324-cdab950d210f",
"indicator--5a044ecf-6c50-4f56-937f-cd35950d210f",
"indicator--5a044ecf-a4c0-403b-9923-4233950d210f",
"indicator--5a044ed0-08c4-4c72-9551-cda3950d210f",
"indicator--5a044ed0-b238-410e-9bb1-20a6950d210f",
"observed-data--5a044ed0-a514-406f-8de0-4e77950d210f",
"network-traffic--5a044ed0-a514-406f-8de0-4e77950d210f",
"ipv4-addr--5a044ed0-a514-406f-8de0-4e77950d210f",
"indicator--5a044ed0-2498-4074-a602-45f2950d210f",
"indicator--5a044ed1-7554-4dfe-99d1-991b950d210f",
"observed-data--5a044ed1-b108-453b-affc-cc6f950d210f",
"network-traffic--5a044ed1-b108-453b-affc-cc6f950d210f",
"ipv4-addr--5a044ed1-b108-453b-affc-cc6f950d210f",
"observed-data--5a044ed1-3170-44eb-b4bb-cd7d950d210f",
"network-traffic--5a044ed1-3170-44eb-b4bb-cd7d950d210f",
"ipv4-addr--5a044ed1-3170-44eb-b4bb-cd7d950d210f",
"observed-data--5a044ed2-bb8c-44e7-b091-717b950d210f",
"network-traffic--5a044ed2-bb8c-44e7-b091-717b950d210f",
"ipv4-addr--5a044ed2-bb8c-44e7-b091-717b950d210f",
"observed-data--5a044ed2-a16c-46a3-9685-44ec950d210f",
"network-traffic--5a044ed2-a16c-46a3-9685-44ec950d210f",
"ipv4-addr--5a044ed2-a16c-46a3-9685-44ec950d210f",
"observed-data--5a044ed2-9ee4-4908-9e60-cdb4950d210f",
"network-traffic--5a044ed2-9ee4-4908-9e60-cdb4950d210f",
"ipv4-addr--5a044ed2-9ee4-4908-9e60-cdb4950d210f",
"observed-data--5a044ed2-00bc-4dfb-a3e0-48c3950d210f",
"network-traffic--5a044ed2-00bc-4dfb-a3e0-48c3950d210f",
"ipv4-addr--5a044ed2-00bc-4dfb-a3e0-48c3950d210f",
"observed-data--5a044ed3-bbb8-4639-823e-439d950d210f",
"network-traffic--5a044ed3-bbb8-4639-823e-439d950d210f",
"ipv4-addr--5a044ed3-bbb8-4639-823e-439d950d210f",
"observed-data--5a044ed3-4130-4562-9185-44fe950d210f",
"network-traffic--5a044ed3-4130-4562-9185-44fe950d210f",
"ipv4-addr--5a044ed3-4130-4562-9185-44fe950d210f",
"observed-data--5a044ed3-1be0-4100-971b-cd7d950d210f",
"network-traffic--5a044ed3-1be0-4100-971b-cd7d950d210f",
"ipv4-addr--5a044ed3-1be0-4100-971b-cd7d950d210f",
"observed-data--5a044ed4-30c8-48ef-9fb2-cd35950d210f",
"network-traffic--5a044ed4-30c8-48ef-9fb2-cd35950d210f",
"ipv4-addr--5a044ed4-30c8-48ef-9fb2-cd35950d210f",
"observed-data--5a044ed4-7d50-4d06-8f0f-4c40950d210f",
"network-traffic--5a044ed4-7d50-4d06-8f0f-4c40950d210f",
"ipv4-addr--5a044ed4-7d50-4d06-8f0f-4c40950d210f",
"observed-data--5a044ed4-cff0-465e-af6b-4a56950d210f",
"network-traffic--5a044ed4-cff0-465e-af6b-4a56950d210f",
"ipv4-addr--5a044ed4-cff0-465e-af6b-4a56950d210f",
"observed-data--5a044ed4-bda8-45ed-9993-cdb4950d210f",
"network-traffic--5a044ed4-bda8-45ed-9993-cdb4950d210f",
"ipv4-addr--5a044ed4-bda8-45ed-9993-cdb4950d210f",
"observed-data--5a044ed5-455c-4cdc-92cb-430c950d210f",
"network-traffic--5a044ed5-455c-4cdc-92cb-430c950d210f",
"ipv4-addr--5a044ed5-455c-4cdc-92cb-430c950d210f",
"observed-data--5a044ed5-7200-426d-a34e-2214950d210f",
"network-traffic--5a044ed5-7200-426d-a34e-2214950d210f",
"ipv4-addr--5a044ed5-7200-426d-a34e-2214950d210f",
"observed-data--5a044ed5-dd58-4892-b825-4863950d210f",
"network-traffic--5a044ed5-dd58-4892-b825-4863950d210f",
"ipv4-addr--5a044ed5-dd58-4892-b825-4863950d210f",
"observed-data--5a044ed6-9770-4714-8de8-cd7d950d210f",
"network-traffic--5a044ed6-9770-4714-8de8-cd7d950d210f",
"ipv4-addr--5a044ed6-9770-4714-8de8-cd7d950d210f",
"observed-data--5a044ed6-6c1c-4438-a4e8-717b950d210f",
"network-traffic--5a044ed6-6c1c-4438-a4e8-717b950d210f",
"ipv4-addr--5a044ed6-6c1c-4438-a4e8-717b950d210f",
"observed-data--5a044ed6-7028-45a9-9513-cda3950d210f",
"network-traffic--5a044ed6-7028-45a9-9513-cda3950d210f",
"ipv4-addr--5a044ed6-7028-45a9-9513-cda3950d210f",
"observed-data--5a044ed6-9274-4758-bf80-cdb4950d210f",
"network-traffic--5a044ed6-9274-4758-bf80-cdb4950d210f",
"ipv4-addr--5a044ed6-9274-4758-bf80-cdb4950d210f",
"observed-data--5a044ed7-618c-450b-883d-75a9950d210f",
"network-traffic--5a044ed7-618c-450b-883d-75a9950d210f",
"ipv4-addr--5a044ed7-618c-450b-883d-75a9950d210f",
"observed-data--5a044ed7-5be4-4402-a588-991b950d210f",
"network-traffic--5a044ed7-5be4-4402-a588-991b950d210f",
"ipv4-addr--5a044ed7-5be4-4402-a588-991b950d210f",
"observed-data--5a044ed7-f23c-41a9-a967-4355950d210f",
"network-traffic--5a044ed7-f23c-41a9-a967-4355950d210f",
"ipv4-addr--5a044ed7-f23c-41a9-a967-4355950d210f",
"observed-data--5a044ed8-b91c-4c06-9d69-cd7d950d210f",
"network-traffic--5a044ed8-b91c-4c06-9d69-cd7d950d210f",
"ipv4-addr--5a044ed8-b91c-4c06-9d69-cd7d950d210f",
"observed-data--5a044ed8-ca3c-406f-b637-cd35950d210f",
"network-traffic--5a044ed8-ca3c-406f-b637-cd35950d210f",
"ipv4-addr--5a044ed8-ca3c-406f-b637-cd35950d210f",
"observed-data--5a044ed8-57e4-4970-a252-4e63950d210f",
"network-traffic--5a044ed8-57e4-4970-a252-4e63950d210f",
"ipv4-addr--5a044ed8-57e4-4970-a252-4e63950d210f",
"indicator--5a04b527-d510-4195-8195-400a02de0b81",
"indicator--5a04b527-1640-46be-bdf3-418e02de0b81",
"observed-data--5a04b527-86f4-4327-9085-4d9702de0b81",
"url--5a04b527-86f4-4327-9085-4d9702de0b81",
"indicator--5a04b527-a4a8-4cea-b11a-4ac102de0b81",
"indicator--5a04b527-0c38-4de7-9bb4-466202de0b81",
"observed-data--5a04b527-6ce8-4069-ba5e-45c702de0b81",
"url--5a04b527-6ce8-4069-ba5e-45c702de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\"",
"misp-galaxy:tool=\"Trick Bot\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec2-4aac-4839-ac9f-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[file:hashes.MD5 = '1949e616ddb130c27c0e65ddb170d5a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec2-1edc-48ad-bf31-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[file:hashes.MD5 = '4cd6a1c9aaf6ef7445900d94a978dfcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec2-921c-4007-9857-4ab6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[file:hashes.MD5 = '5525cc2e9b021a6c5cda63a7c3a3e9c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec2-a6ac-48db-9608-cdb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[url:value = 'http://cirad.or.id/mnfTRw3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec3-d960-48d0-a2b8-429f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[domain-name:value = 'cirad.or.id']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ec4-f87c-4b99-b7a5-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"first_observed": "2017-11-09T20:05:57Z",
"last_observed": "2017-11-09T20:05:57Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ec4-f87c-4b99-b7a5-cc6f950d210f",
"ipv4-addr--5a044ec4-f87c-4b99-b7a5-cc6f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ec4-f87c-4b99-b7a5-cc6f950d210f",
"dst_ref": "ipv4-addr--5a044ec4-f87c-4b99-b7a5-cc6f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ec4-f87c-4b99-b7a5-cc6f950d210f",
"value": "202.145.0.45"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec4-ffe4-4b1a-8101-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[url:value = 'http://heart-sp.com/mnfTRw3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec4-9820-4356-ad87-4661950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[domain-name:value = 'heart-sp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ec6-37f0-4d22-8c85-4c47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"first_observed": "2017-11-09T20:05:57Z",
"last_observed": "2017-11-09T20:05:57Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ec6-37f0-4d22-8c85-4c47950d210f",
"ipv4-addr--5a044ec6-37f0-4d22-8c85-4c47950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ec6-37f0-4d22-8c85-4c47950d210f",
"dst_ref": "ipv4-addr--5a044ec6-37f0-4d22-8c85-4c47950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ec6-37f0-4d22-8c85-4c47950d210f",
"value": "111.68.20.150"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec6-353c-4c68-a3b2-49bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[url:value = 'http://hilaryandsavio.com/mnfTRw3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec6-ab84-4b85-b123-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"pattern": "[domain-name:value = 'hilaryandsavio.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ec7-19ac-4bec-b7ed-4e9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:57.000Z",
"modified": "2017-11-09T20:05:57.000Z",
"first_observed": "2017-11-09T20:05:57Z",
"last_observed": "2017-11-09T20:05:57Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ec7-19ac-4bec-b7ed-4e9f950d210f",
"ipv4-addr--5a044ec7-19ac-4bec-b7ed-4e9f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ec7-19ac-4bec-b7ed-4e9f950d210f",
"dst_ref": "ipv4-addr--5a044ec7-19ac-4bec-b7ed-4e9f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ec7-19ac-4bec-b7ed-4e9f950d210f",
"value": "72.249.127.194"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec7-6948-4904-bb94-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://internet-webshops.de/mnfTRw3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec7-adb4-4bfe-99ef-4ce6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'internet-webshops.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ec8-a4d4-41f3-91c3-4946950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ec8-a4d4-41f3-91c3-4946950d210f",
"ipv4-addr--5a044ec8-a4d4-41f3-91c3-4946950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ec8-a4d4-41f3-91c3-4946950d210f",
"dst_ref": "ipv4-addr--5a044ec8-a4d4-41f3-91c3-4946950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ec8-a4d4-41f3-91c3-4946950d210f",
"value": "217.160.224.147"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec8-98a8-4dae-807d-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://givagarden.com/mnfTRw3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec8-6e88-492b-b465-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'givagarden.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ec8-560c-4c98-a799-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ec8-560c-4c98-a799-cd35950d210f",
"ipv4-addr--5a044ec8-560c-4c98-a799-cd35950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ec8-560c-4c98-a799-cd35950d210f",
"dst_ref": "ipv4-addr--5a044ec8-560c-4c98-a799-cd35950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ec8-560c-4c98-a799-cd35950d210f",
"value": "93.186.244.43"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec9-2674-4c92-973b-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://toptrends.org/ndgHSKFte4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ec9-01e4-4eb9-981e-4eba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'toptrends.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044eca-e554-4590-8358-4c28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044eca-e554-4590-8358-4c28950d210f",
"ipv4-addr--5a044eca-e554-4590-8358-4c28950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044eca-e554-4590-8358-4c28950d210f",
"dst_ref": "ipv4-addr--5a044eca-e554-4590-8358-4c28950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044eca-e554-4590-8358-4c28950d210f",
"value": "87.230.95.138"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044eca-9580-4921-bcd1-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://celebrityonline.cz/ndgHSKFte4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044eca-20e4-4db6-8816-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'celebrityonline.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ecb-ce04-4144-bd4c-4d45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ecb-ce04-4144-bd4c-4d45950d210f",
"ipv4-addr--5a044ecb-ce04-4144-bd4c-4d45950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ecb-ce04-4144-bd4c-4d45950d210f",
"dst_ref": "ipv4-addr--5a044ecb-ce04-4144-bd4c-4d45950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ecb-ce04-4144-bd4c-4d45950d210f",
"value": "78.24.8.144"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecb-6658-4a5c-8d08-4021950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://aurea-art.ru/ndgHSKFte4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecb-a790-4494-8965-cdb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'aurea-art.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ecb-36f0-43d5-970c-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ecb-36f0-43d5-970c-2214950d210f",
"ipv4-addr--5a044ecb-36f0-43d5-970c-2214950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ecb-36f0-43d5-970c-2214950d210f",
"dst_ref": "ipv4-addr--5a044ecb-36f0-43d5-970c-2214950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ecb-36f0-43d5-970c-2214950d210f",
"value": "212.220.124.226"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecc-3428-481d-96b6-44f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://transmercasa.com/ndgHSKFte4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecc-f998-4ea3-b12d-cdb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'transmercasa.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ecc-808c-437a-9c38-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ecc-808c-437a-9c38-cc6f950d210f",
"ipv4-addr--5a044ecc-808c-437a-9c38-cc6f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ecc-808c-437a-9c38-cc6f950d210f",
"dst_ref": "ipv4-addr--5a044ecc-808c-437a-9c38-cc6f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ecc-808c-437a-9c38-cc6f950d210f",
"value": "75.98.175.70"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecc-13d8-4f6e-96fa-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://envi-herzog.de/ndgHSKFte4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecd-080c-412a-a7a6-400a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'envi-herzog.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ecd-d81c-4ce0-86f7-4777950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ecd-d81c-4ce0-86f7-4777950d210f",
"ipv4-addr--5a044ecd-d81c-4ce0-86f7-4777950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ecd-d81c-4ce0-86f7-4777950d210f",
"dst_ref": "ipv4-addr--5a044ecd-d81c-4ce0-86f7-4777950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ecd-d81c-4ce0-86f7-4777950d210f",
"value": "194.116.187.130"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecd-0f68-4015-a3d0-20a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://dotecnia.cl/ndgHSKFte4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecd-09dc-4877-82e5-424c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'dotecnia.cl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ece-540c-4253-8932-cdb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ece-540c-4253-8932-cdb1950d210f",
"ipv4-addr--5a044ece-540c-4253-8932-cdb1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ece-540c-4253-8932-cdb1950d210f",
"dst_ref": "ipv4-addr--5a044ece-540c-4253-8932-cdb1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ece-540c-4253-8932-cdb1950d210f",
"value": "72.249.104.96"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ece-2410-4c72-8770-4694950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://claridge-holdings.com/ndgHSKFte4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ece-e60c-4808-8a9c-4c53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'claridge-holdings.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ecf-8a70-4600-8324-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ecf-8a70-4600-8324-cdab950d210f",
"ipv4-addr--5a044ecf-8a70-4600-8324-cdab950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ecf-8a70-4600-8324-cdab950d210f",
"dst_ref": "ipv4-addr--5a044ecf-8a70-4600-8324-cdab950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ecf-8a70-4600-8324-cdab950d210f",
"value": "202.160.120.194"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecf-6c50-4f56-937f-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://dalmobil.info/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ecf-a4c0-403b-9923-4233950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'dalmobil.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ed0-08c4-4c72-9551-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://flipcapella.com/KJ63dggs332']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ed0-b238-410e-9bb1-20a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'flipcapella.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed0-a514-406f-8de0-4e77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed0-a514-406f-8de0-4e77950d210f",
"ipv4-addr--5a044ed0-a514-406f-8de0-4e77950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed0-a514-406f-8de0-4e77950d210f",
"dst_ref": "ipv4-addr--5a044ed0-a514-406f-8de0-4e77950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed0-a514-406f-8de0-4e77950d210f",
"value": "188.40.94.83"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ed0-2498-4074-a602-45f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[url:value = 'http://hobbystube.net/djskfh824']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ed1-7554-4dfe-99d1-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"pattern": "[domain-name:value = 'hobbystube.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed1-b108-453b-affc-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed1-b108-453b-affc-cc6f950d210f",
"ipv4-addr--5a044ed1-b108-453b-affc-cc6f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed1-b108-453b-affc-cc6f950d210f",
"dst_ref": "ipv4-addr--5a044ed1-b108-453b-affc-cc6f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed1-b108-453b-affc-cc6f950d210f",
"value": "83.220.128.111"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed1-3170-44eb-b4bb-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed1-3170-44eb-b4bb-cd7d950d210f",
"ipv4-addr--5a044ed1-3170-44eb-b4bb-cd7d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed1-3170-44eb-b4bb-cd7d950d210f",
"dst_ref": "ipv4-addr--5a044ed1-3170-44eb-b4bb-cd7d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed1-3170-44eb-b4bb-cd7d950d210f",
"value": "176.120.126.21"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed2-bb8c-44e7-b091-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed2-bb8c-44e7-b091-717b950d210f",
"ipv4-addr--5a044ed2-bb8c-44e7-b091-717b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed2-bb8c-44e7-b091-717b950d210f",
"dst_ref": "ipv4-addr--5a044ed2-bb8c-44e7-b091-717b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed2-bb8c-44e7-b091-717b950d210f",
"value": "156.17.92.161"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed2-a16c-46a3-9685-44ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed2-a16c-46a3-9685-44ec950d210f",
"ipv4-addr--5a044ed2-a16c-46a3-9685-44ec950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed2-a16c-46a3-9685-44ec950d210f",
"dst_ref": "ipv4-addr--5a044ed2-a16c-46a3-9685-44ec950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed2-a16c-46a3-9685-44ec950d210f",
"value": "187.191.0.42"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed2-9ee4-4908-9e60-cdb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed2-9ee4-4908-9e60-cdb4950d210f",
"ipv4-addr--5a044ed2-9ee4-4908-9e60-cdb4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed2-9ee4-4908-9e60-cdb4950d210f",
"dst_ref": "ipv4-addr--5a044ed2-9ee4-4908-9e60-cdb4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed2-9ee4-4908-9e60-cdb4950d210f",
"value": "181.211.34.154"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed2-00bc-4dfb-a3e0-48c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed2-00bc-4dfb-a3e0-48c3950d210f",
"ipv4-addr--5a044ed2-00bc-4dfb-a3e0-48c3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed2-00bc-4dfb-a3e0-48c3950d210f",
"dst_ref": "ipv4-addr--5a044ed2-00bc-4dfb-a3e0-48c3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed2-00bc-4dfb-a3e0-48c3950d210f",
"value": "200.117.251.52"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed3-bbb8-4639-823e-439d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed3-bbb8-4639-823e-439d950d210f",
"ipv4-addr--5a044ed3-bbb8-4639-823e-439d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed3-bbb8-4639-823e-439d950d210f",
"dst_ref": "ipv4-addr--5a044ed3-bbb8-4639-823e-439d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed3-bbb8-4639-823e-439d950d210f",
"value": "78.24.217.88"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed3-4130-4562-9185-44fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed3-4130-4562-9185-44fe950d210f",
"ipv4-addr--5a044ed3-4130-4562-9185-44fe950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed3-4130-4562-9185-44fe950d210f",
"dst_ref": "ipv4-addr--5a044ed3-4130-4562-9185-44fe950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed3-4130-4562-9185-44fe950d210f",
"value": "62.109.1.68"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed3-1be0-4100-971b-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed3-1be0-4100-971b-cd7d950d210f",
"ipv4-addr--5a044ed3-1be0-4100-971b-cd7d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed3-1be0-4100-971b-cd7d950d210f",
"dst_ref": "ipv4-addr--5a044ed3-1be0-4100-971b-cd7d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed3-1be0-4100-971b-cd7d950d210f",
"value": "195.133.147.74"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed4-30c8-48ef-9fb2-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed4-30c8-48ef-9fb2-cd35950d210f",
"ipv4-addr--5a044ed4-30c8-48ef-9fb2-cd35950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed4-30c8-48ef-9fb2-cd35950d210f",
"dst_ref": "ipv4-addr--5a044ed4-30c8-48ef-9fb2-cd35950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed4-30c8-48ef-9fb2-cd35950d210f",
"value": "195.133.146.117"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed4-7d50-4d06-8f0f-4c40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed4-7d50-4d06-8f0f-4c40950d210f",
"ipv4-addr--5a044ed4-7d50-4d06-8f0f-4c40950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed4-7d50-4d06-8f0f-4c40950d210f",
"dst_ref": "ipv4-addr--5a044ed4-7d50-4d06-8f0f-4c40950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed4-7d50-4d06-8f0f-4c40950d210f",
"value": "195.133.146.122"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed4-cff0-465e-af6b-4a56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed4-cff0-465e-af6b-4a56950d210f",
"ipv4-addr--5a044ed4-cff0-465e-af6b-4a56950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed4-cff0-465e-af6b-4a56950d210f",
"dst_ref": "ipv4-addr--5a044ed4-cff0-465e-af6b-4a56950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed4-cff0-465e-af6b-4a56950d210f",
"value": "78.24.222.226"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed4-bda8-45ed-9993-cdb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed4-bda8-45ed-9993-cdb4950d210f",
"ipv4-addr--5a044ed4-bda8-45ed-9993-cdb4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed4-bda8-45ed-9993-cdb4950d210f",
"dst_ref": "ipv4-addr--5a044ed4-bda8-45ed-9993-cdb4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed4-bda8-45ed-9993-cdb4950d210f",
"value": "95.213.252.23"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed5-455c-4cdc-92cb-430c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed5-455c-4cdc-92cb-430c950d210f",
"ipv4-addr--5a044ed5-455c-4cdc-92cb-430c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed5-455c-4cdc-92cb-430c950d210f",
"dst_ref": "ipv4-addr--5a044ed5-455c-4cdc-92cb-430c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed5-455c-4cdc-92cb-430c950d210f",
"value": "95.213.251.95"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed5-7200-426d-a34e-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed5-7200-426d-a34e-2214950d210f",
"ipv4-addr--5a044ed5-7200-426d-a34e-2214950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed5-7200-426d-a34e-2214950d210f",
"dst_ref": "ipv4-addr--5a044ed5-7200-426d-a34e-2214950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed5-7200-426d-a34e-2214950d210f",
"value": "194.87.93.55"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed5-dd58-4892-b825-4863950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed5-dd58-4892-b825-4863950d210f",
"ipv4-addr--5a044ed5-dd58-4892-b825-4863950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed5-dd58-4892-b825-4863950d210f",
"dst_ref": "ipv4-addr--5a044ed5-dd58-4892-b825-4863950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed5-dd58-4892-b825-4863950d210f",
"value": "62.109.8.186"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed6-9770-4714-8de8-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed6-9770-4714-8de8-cd7d950d210f",
"ipv4-addr--5a044ed6-9770-4714-8de8-cd7d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed6-9770-4714-8de8-cd7d950d210f",
"dst_ref": "ipv4-addr--5a044ed6-9770-4714-8de8-cd7d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed6-9770-4714-8de8-cd7d950d210f",
"value": "188.120.246.189"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed6-6c1c-4438-a4e8-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed6-6c1c-4438-a4e8-717b950d210f",
"ipv4-addr--5a044ed6-6c1c-4438-a4e8-717b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed6-6c1c-4438-a4e8-717b950d210f",
"dst_ref": "ipv4-addr--5a044ed6-6c1c-4438-a4e8-717b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed6-6c1c-4438-a4e8-717b950d210f",
"value": "194.87.98.249"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed6-7028-45a9-9513-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed6-7028-45a9-9513-cda3950d210f",
"ipv4-addr--5a044ed6-7028-45a9-9513-cda3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed6-7028-45a9-9513-cda3950d210f",
"dst_ref": "ipv4-addr--5a044ed6-7028-45a9-9513-cda3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed6-7028-45a9-9513-cda3950d210f",
"value": "95.213.195.174"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed6-9274-4758-bf80-cdb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:58.000Z",
"modified": "2017-11-09T20:05:58.000Z",
"first_observed": "2017-11-09T20:05:58Z",
"last_observed": "2017-11-09T20:05:58Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed6-9274-4758-bf80-cdb4950d210f",
"ipv4-addr--5a044ed6-9274-4758-bf80-cdb4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed6-9274-4758-bf80-cdb4950d210f",
"dst_ref": "ipv4-addr--5a044ed6-9274-4758-bf80-cdb4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed6-9274-4758-bf80-cdb4950d210f",
"value": "185.143.173.244"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed7-618c-450b-883d-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"first_observed": "2017-11-09T20:05:59Z",
"last_observed": "2017-11-09T20:05:59Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed7-618c-450b-883d-75a9950d210f",
"ipv4-addr--5a044ed7-618c-450b-883d-75a9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed7-618c-450b-883d-75a9950d210f",
"dst_ref": "ipv4-addr--5a044ed7-618c-450b-883d-75a9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed7-618c-450b-883d-75a9950d210f",
"value": "194.87.110.113"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed7-5be4-4402-a588-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"first_observed": "2017-11-09T20:05:59Z",
"last_observed": "2017-11-09T20:05:59Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed7-5be4-4402-a588-991b950d210f",
"ipv4-addr--5a044ed7-5be4-4402-a588-991b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed7-5be4-4402-a588-991b950d210f",
"dst_ref": "ipv4-addr--5a044ed7-5be4-4402-a588-991b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed7-5be4-4402-a588-991b950d210f",
"value": "179.43.147.241"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed7-f23c-41a9-a967-4355950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"first_observed": "2017-11-09T20:05:59Z",
"last_observed": "2017-11-09T20:05:59Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed7-f23c-41a9-a967-4355950d210f",
"ipv4-addr--5a044ed7-f23c-41a9-a967-4355950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed7-f23c-41a9-a967-4355950d210f",
"dst_ref": "ipv4-addr--5a044ed7-f23c-41a9-a967-4355950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed7-f23c-41a9-a967-4355950d210f",
"value": "82.146.43.178"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed8-b91c-4c06-9d69-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"first_observed": "2017-11-09T20:05:59Z",
"last_observed": "2017-11-09T20:05:59Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed8-b91c-4c06-9d69-cd7d950d210f",
"ipv4-addr--5a044ed8-b91c-4c06-9d69-cd7d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed8-b91c-4c06-9d69-cd7d950d210f",
"dst_ref": "ipv4-addr--5a044ed8-b91c-4c06-9d69-cd7d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed8-b91c-4c06-9d69-cd7d950d210f",
"value": "185.158.114.114"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed8-ca3c-406f-b637-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"first_observed": "2017-11-09T20:05:59Z",
"last_observed": "2017-11-09T20:05:59Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed8-ca3c-406f-b637-cd35950d210f",
"ipv4-addr--5a044ed8-ca3c-406f-b637-cd35950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed8-ca3c-406f-b637-cd35950d210f",
"dst_ref": "ipv4-addr--5a044ed8-ca3c-406f-b637-cd35950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed8-ca3c-406f-b637-cd35950d210f",
"value": "62.109.10.93"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ed8-57e4-4970-a252-4e63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"first_observed": "2017-11-09T20:05:59Z",
"last_observed": "2017-11-09T20:05:59Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ed8-57e4-4970-a252-4e63950d210f",
"ipv4-addr--5a044ed8-57e4-4970-a252-4e63950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ed8-57e4-4970-a252-4e63950d210f",
"dst_ref": "ipv4-addr--5a044ed8-57e4-4970-a252-4e63950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ed8-57e4-4970-a252-4e63950d210f",
"value": "185.34.52.236"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04b527-d510-4195-8195-400a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"description": "- Xchecked via VT: 4cd6a1c9aaf6ef7445900d94a978dfcb",
"pattern": "[file:hashes.SHA256 = 'f4ac7eacaaecdfdcfc9c75e0562ed3c69d814d6455b8aa57cc46bc0301681f87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04b527-1640-46be-bdf3-418e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"description": "- Xchecked via VT: 4cd6a1c9aaf6ef7445900d94a978dfcb",
"pattern": "[file:hashes.SHA1 = 'a00eaf4174afc4086356f87cc3df1255dd707604']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04b527-86f4-4327-9085-4d9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"first_observed": "2017-11-09T20:05:59Z",
"last_observed": "2017-11-09T20:05:59Z",
"number_observed": 1,
"object_refs": [
"url--5a04b527-86f4-4327-9085-4d9702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a04b527-86f4-4327-9085-4d9702de0b81",
"value": "https://www.virustotal.com/file/f4ac7eacaaecdfdcfc9c75e0562ed3c69d814d6455b8aa57cc46bc0301681f87/analysis/1509591920/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04b527-a4a8-4cea-b11a-4ac102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"description": "- Xchecked via VT: 1949e616ddb130c27c0e65ddb170d5a9",
"pattern": "[file:hashes.SHA256 = 'cdb624ad2e278dc12047d4216f8b79d49824db2827be4d626e8108a07683d596']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04b527-0c38-4de7-9bb4-466202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"description": "- Xchecked via VT: 1949e616ddb130c27c0e65ddb170d5a9",
"pattern": "[file:hashes.SHA1 = '0887de24845eb898c5bcaba9139ed701cde61325']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:05:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04b527-6ce8-4069-ba5e-45c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:05:59.000Z",
"modified": "2017-11-09T20:05:59.000Z",
"first_observed": "2017-11-09T20:05:59Z",
"last_observed": "2017-11-09T20:05:59Z",
"number_observed": 1,
"object_refs": [
"url--5a04b527-6ce8-4069-ba5e-45c702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a04b527-6ce8-4069-ba5e-45c702de0b81",
"value": "https://www.virustotal.com/file/cdb624ad2e278dc12047d4216f8b79d49824db2827be4d626e8108a07683d596/analysis/1509682395/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}