{ "type": "bundle", "id": "bundle--556d5db3-e464-477f-96de-adf2950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:57:02.000Z", "modified": "2015-06-02T07:57:02.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--556d5db3-e464-477f-96de-adf2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:57:02.000Z", "modified": "2015-06-02T07:57:02.000Z", "name": "OSINT 'Paying-Days' CryptoWall 3.0 Campaign via Magnitude EK report by malwarefor.me", "published": "2015-06-02T08:06:09Z", "object_refs": [ "observed-data--556d5ed7-b2b0-46c5-b31d-a0e9950d210b", "url--556d5ed7-b2b0-46c5-b31d-a0e9950d210b", "indicator--556d5fab-035c-4891-906c-a71c950d210b", "indicator--556d5fab-8e6c-4682-95d2-a71c950d210b", "indicator--556d5fab-be34-46a5-9e39-a71c950d210b", "indicator--556d5fab-15a8-421d-bec7-a71c950d210b", "indicator--556d6002-7230-4a3f-b79d-ae06950d210b", "indicator--556d6002-3608-4524-b910-ae06950d210b", "indicator--556d6003-c79c-40a9-b4f8-ae06950d210b", "indicator--556d6003-8f2c-4890-b60c-ae06950d210b", "indicator--556d6003-2fc8-4b97-b2e9-ae06950d210b", "indicator--556d6003-60f0-4df4-97a0-ae06950d210b", "indicator--556d6003-3600-4228-801c-ae06950d210b", "indicator--556d6003-f2fc-4c04-a5ba-ae06950d210b", "indicator--556d6003-2058-4f8c-a896-ae06950d210b", "indicator--556d6004-c314-4ddd-afac-ae06950d210b", "indicator--556d6004-85f8-4e74-8a1b-ae06950d210b", "observed-data--556d6034-d3f8-432f-b5c7-c95d950d210b", "url--556d6034-d3f8-432f-b5c7-c95d950d210b", "observed-data--556d6034-fa34-4dfe-914f-c95d950d210b", "url--556d6034-fa34-4dfe-914f-c95d950d210b", "observed-data--556d6034-d12c-41fe-878c-c95d950d210b", "url--556d6034-d12c-41fe-878c-c95d950d210b", "observed-data--556d6034-ef50-4a3d-901b-c95d950d210b", "url--556d6034-ef50-4a3d-901b-c95d950d210b", "indicator--556d605f-4b04-402f-b71b-c95e950d210b", "observed-data--556d605f-bf7c-4acc-ac62-c95e950d210b", "domain-name--556d605f-bf7c-4acc-ac62-c95e950d210b", "indicator--556d605f-ce88-4587-b93d-c95e950d210b", "indicator--556d605f-ed10-414b-a44a-c95e950d210b", "indicator--556d605f-65c8-4a7e-9cc8-c95e950d210b", "indicator--556d605f-71ec-4a18-837c-c95e950d210b", "indicator--556d6060-0e18-4006-911e-c95e950d210b", "indicator--556d6060-2178-408b-9126-c95e950d210b", "indicator--556d6060-aa10-450c-b653-c95e950d210b", "indicator--556d6060-b980-4809-a056-c95e950d210b", "indicator--556d6060-3550-42dc-aa8b-c95e950d210b", "indicator--556d6060-0704-44e1-9514-c95e950d210b", "indicator--556d6060-e58c-45e8-8c76-c95e950d210b", "indicator--556d6060-3958-4f92-b967-c95e950d210b", "observed-data--556d60a1-1f18-4ff4-8575-adf1950d210b", "url--556d60a1-1f18-4ff4-8575-adf1950d210b", "observed-data--556d60a1-c66c-474c-a7c5-adf1950d210b", "url--556d60a1-c66c-474c-a7c5-adf1950d210b", "observed-data--556d60a2-1944-4137-93d3-adf1950d210b", "url--556d60a2-1944-4137-93d3-adf1950d210b", "observed-data--556d60a2-8c34-4245-a0b0-adf1950d210b", "url--556d60a2-8c34-4245-a0b0-adf1950d210b", "observed-data--556d60dc-e568-401e-91ce-ae06950d210b", "url--556d60dc-e568-401e-91ce-ae06950d210b", "observed-data--556d60dc-3724-4f74-88c7-ae06950d210b", "url--556d60dc-3724-4f74-88c7-ae06950d210b", "observed-data--556d60dc-ef1c-4c28-a40c-ae06950d210b", "url--556d60dc-ef1c-4c28-a40c-ae06950d210b", "observed-data--556d60dc-f07c-4baf-8458-ae06950d210b", "url--556d60dc-f07c-4baf-8458-ae06950d210b", "observed-data--556d613c-5fdc-4ece-9e13-ae06950d210b", "url--556d613c-5fdc-4ece-9e13-ae06950d210b", "observed-data--556d613d-455c-4da7-9a85-ae06950d210b", "url--556d613d-455c-4da7-9a85-ae06950d210b", "observed-data--556d613d-2c98-4193-bc25-ae06950d210b", "url--556d613d-2c98-4193-bc25-ae06950d210b", "observed-data--556d613d-875c-4bf7-a19f-ae06950d210b", "url--556d613d-875c-4bf7-a19f-ae06950d210b", "observed-data--556d613d-c820-45fb-a6b7-ae06950d210b", "url--556d613d-c820-45fb-a6b7-ae06950d210b", "observed-data--556d613d-658c-446f-a083-ae06950d210b", "url--556d613d-658c-446f-a083-ae06950d210b", "observed-data--556d613d-5854-4782-82c7-ae06950d210b", "url--556d613d-5854-4782-82c7-ae06950d210b", "observed-data--556d613d-6aa4-4d5b-8be4-ae06950d210b", "url--556d613d-6aa4-4d5b-8be4-ae06950d210b", "observed-data--556d613d-f170-43e7-9080-ae06950d210b", "url--556d613d-f170-43e7-9080-ae06950d210b", "observed-data--556d613e-b63c-4623-86d3-ae06950d210b", "url--556d613e-b63c-4623-86d3-ae06950d210b", "observed-data--556d613e-7534-401b-b2da-ae06950d210b", "url--556d613e-7534-401b-b2da-ae06950d210b", "observed-data--556d613e-56b8-4056-8569-ae06950d210b", "url--556d613e-56b8-4056-8569-ae06950d210b", "observed-data--556d613e-cc40-4677-bb57-ae06950d210b", "url--556d613e-cc40-4677-bb57-ae06950d210b", "indicator--556d61ca-b484-4678-aca0-c95a950d210b", "observed-data--556d61ca-1da8-4bea-bf45-c95a950d210b", "domain-name--556d61ca-1da8-4bea-bf45-c95a950d210b", "indicator--556d61cb-4d2c-42dd-a3a4-c95a950d210b", "indicator--556d61cb-3374-45a9-89a8-c95a950d210b", "indicator--556d61cb-ebd4-49f6-8842-c95a950d210b", "indicator--556d61cb-c86c-43eb-ba76-c95a950d210b", "indicator--556d61cb-f65c-4b06-989f-c95a950d210b", "indicator--556d61cb-0180-4492-bfba-c95a950d210b", "indicator--556d61cc-58d0-4227-8908-c95a950d210b", "observed-data--556d61cc-6e78-4bcc-ace1-c95a950d210b", "domain-name--556d61cc-6e78-4bcc-ace1-c95a950d210b", "indicator--556d61cc-d48c-4365-8bad-c95a950d210b", "indicator--556d61cc-63e8-4c3e-8458-c95a950d210b", "indicator--556d61cc-b598-49bb-97d2-c95a950d210b", "observed-data--556d61cc-92c8-4d53-8241-c95a950d210b", "domain-name--556d61cc-92c8-4d53-8241-c95a950d210b", "indicator--556d61cc-b3ac-471a-a920-c95a950d210b", "indicator--556d61cc-f698-4e88-9566-c95a950d210b", "indicator--556d61cd-d3ec-4636-8d5c-c95a950d210b", "indicator--556d61cd-de60-48cf-85c1-c95a950d210b", "indicator--556d61cd-26a8-4cb3-a5ba-c95a950d210b", "indicator--556d61cd-b0b0-4952-a0c2-c95a950d210b", "observed-data--556d61cd-3ebc-455e-a535-c95a950d210b", "domain-name--556d61cd-3ebc-455e-a535-c95a950d210b", "indicator--556d61cd-11a0-4b3b-8706-c95a950d210b", "indicator--556d61cd-b01c-449c-ba7b-c95a950d210b", "indicator--556d61ce-6a4c-4aef-9e4d-c95a950d210b", "observed-data--556d61ce-5d28-4d1e-b280-c95a950d210b", "domain-name--556d61ce-5d28-4d1e-b280-c95a950d210b", "indicator--556d61ce-0130-4c17-ae26-c95a950d210b", "indicator--556d61ce-e288-47bf-b413-c95a950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d5ed7-b2b0-46c5-b31d-a0e9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:56.000Z", "modified": "2015-06-02T07:54:56.000Z", "first_observed": "2015-06-02T07:54:56Z", "last_observed": "2015-06-02T07:54:56Z", "number_observed": 1, "object_refs": [ "url--556d5ed7-b2b0-46c5-b31d-a0e9950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d5ed7-b2b0-46c5-b31d-a0e9950d210b", "value": "http://malwarefor.me/paying-days-cryptowall-3-0-campaign-via-magnitude-ek/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d5fab-035c-4891-906c-a71c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.0/19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d5fab-8e6c-4682-95d2-a71c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.172.189.0/24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d5fab-be34-46a5-9e39-a71c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.60.0/22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d5fab-15a8-421d-bec7-a71c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.241.21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6002-7230-4a3f-b79d-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6002-3608-4524-b910-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'payingdays.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6003-c79c-40a9-b4f8-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.101']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6003-8f2c-4890-b60c-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'payingdays.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6003-2fc8-4b97-b2e9-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'payingdays.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6003-60f0-4df4-97a0-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6003-3600-4228-801c-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'payingday.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6003-f2fc-4c04-a5ba-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'payingday.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6003-2058-4f8c-a896-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.3.242.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6004-c314-4ddd-afac-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'paying-days.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6004-85f8-4e74-8a1b-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'paying-days.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d6034-d3f8-432f-b5c7-c95d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:50:12.000Z", "modified": "2015-06-02T07:50:12.000Z", "first_observed": "2015-06-02T07:50:12Z", "last_observed": "2015-06-02T07:50:12Z", "number_observed": 1, "object_refs": [ "url--556d6034-d3f8-432f-b5c7-c95d950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d6034-d3f8-432f-b5c7-c95d950d210b", "value": "https://www.dropbox.com/s/27ux5o4wblh896e/2015-04-03-paying-days-net.pcap?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d6034-fa34-4dfe-914f-c95d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:50:12.000Z", "modified": "2015-06-02T07:50:12.000Z", "first_observed": "2015-06-02T07:50:12Z", "last_observed": "2015-06-02T07:50:12Z", "number_observed": 1, "object_refs": [ "url--556d6034-fa34-4dfe-914f-c95d950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d6034-fa34-4dfe-914f-c95d950d210b", "value": "https://www.dropbox.com/s/6ydlxsly0v9i0w7/2015-04-03-paying-days-net-malware-exploits.zip?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d6034-d12c-41fe-878c-c95d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:50:12.000Z", "modified": "2015-06-02T07:50:12.000Z", "first_observed": "2015-06-02T07:50:12Z", "last_observed": "2015-06-02T07:50:12Z", "number_observed": 1, "object_refs": [ "url--556d6034-d12c-41fe-878c-c95d950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d6034-d12c-41fe-878c-c95d950d210b", "value": "https://www.virustotal.com/en/file/b6d333814ce4792ca01be3be5ef6d83864c584a003da4e1ed14d310f45794e5f/analysis/1433112993/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d6034-ef50-4a3d-901b-c95d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:50:12.000Z", "modified": "2015-06-02T07:50:12.000Z", "first_observed": "2015-06-02T07:50:12Z", "last_observed": "2015-06-02T07:50:12Z", "number_observed": 1, "object_refs": [ "url--556d6034-ef50-4a3d-901b-c95d950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d6034-ef50-4a3d-901b-c95d950d210b", "value": "https://www.virustotal.com/en/file/11c64ffa432ae10650f8661bc9a3e0b5e18f93539faa5f24e79fc217f7248d29/analysis/1433113002/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d605f-4b04-402f-b71b-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.172.189.239']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d605f-bf7c-4acc-ac62-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "first_observed": "2015-06-02T07:59:56Z", "last_observed": "2015-06-02T07:59:56Z", "number_observed": 1, "object_refs": [ "domain-name--556d605f-bf7c-4acc-ac62-c95e950d210b" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--556d605f-bf7c-4acc-ac62-c95e950d210b", "value": "6e552d8.7f2.fe.477fc.58.d6.c8.6e6c.df3.7b.aiqk05syj176.monthsacts.pw" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d605f-ce88-4587-b93d-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.164.184']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d605f-ed10-414b-a44a-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'ip-addr.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d605f-65c8-4a7e-9cc8-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.92.144.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d605f-71ec-4a18-837c-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'sloeponline.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6060-0e18-4006-911e-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.107.31.55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6060-2178-408b-9126-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'chonburipalms.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6060-aa10-450c-b653-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.50.8.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6060-b980-4809-a056-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'hicoop.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6060-3550-42dc-aa8b-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.31.233.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6060-0704-44e1-9514-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'katadata.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6060-e58c-45e8-8c76-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.242.145.92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d6060-3958-4f92-b967-c95e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'uaru.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d60a1-1f18-4ff4-8575-adf1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:52:01.000Z", "modified": "2015-06-02T07:52:01.000Z", "first_observed": "2015-06-02T07:52:01Z", "last_observed": "2015-06-02T07:52:01Z", "number_observed": 1, "object_refs": [ "url--556d60a1-1f18-4ff4-8575-adf1950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d60a1-1f18-4ff4-8575-adf1950d210b", "value": "https://www.dropbox.com/s/lah20ol4wtf1i4s/2015-04-02-paying-days-com.pcap?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d60a1-c66c-474c-a7c5-adf1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:52:01.000Z", "modified": "2015-06-02T07:52:01.000Z", "first_observed": "2015-06-02T07:52:01Z", "last_observed": "2015-06-02T07:52:01Z", "number_observed": 1, "object_refs": [ "url--556d60a1-c66c-474c-a7c5-adf1950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d60a1-c66c-474c-a7c5-adf1950d210b", "value": "https://www.dropbox.com/s/e4wirq0yxrztd46/2015-04-02-paying-days-com-malware-exploits.zip?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d60a2-1944-4137-93d3-adf1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:52:02.000Z", "modified": "2015-06-02T07:52:02.000Z", "first_observed": "2015-06-02T07:52:02Z", "last_observed": "2015-06-02T07:52:02Z", "number_observed": 1, "object_refs": [ "url--556d60a2-1944-4137-93d3-adf1950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d60a2-1944-4137-93d3-adf1950d210b", "value": "https://www.virustotal.com/en/file/9467156ef5d22e2620e0d643f36213e1d5e53d77e5c23cb8287a77617e5118d7/analysis/1433112868/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d60a2-8c34-4245-a0b0-adf1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:52:02.000Z", "modified": "2015-06-02T07:52:02.000Z", "first_observed": "2015-06-02T07:52:02Z", "last_observed": "2015-06-02T07:52:02Z", "number_observed": 1, "object_refs": [ "url--556d60a2-8c34-4245-a0b0-adf1950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d60a2-8c34-4245-a0b0-adf1950d210b", "value": "https://www.virustotal.com/en/file/1a509c2cc4f993cc44c93e4a6e5cffc7e6211db1f38a2e09a8327a425e9f644b/analysis/1433112877/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d60dc-e568-401e-91ce-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:53:00.000Z", "modified": "2015-06-02T07:53:00.000Z", "first_observed": "2015-06-02T07:53:00Z", "last_observed": "2015-06-02T07:53:00Z", "number_observed": 1, "object_refs": [ "url--556d60dc-e568-401e-91ce-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d60dc-e568-401e-91ce-ae06950d210b", "value": "https://www.dropbox.com/s/u5kdpoqiregzo6m/2015-03-21-payingday-biz.pcap?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d60dc-3724-4f74-88c7-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:53:00.000Z", "modified": "2015-06-02T07:53:00.000Z", "first_observed": "2015-06-02T07:53:00Z", "last_observed": "2015-06-02T07:53:00Z", "number_observed": 1, "object_refs": [ "url--556d60dc-3724-4f74-88c7-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d60dc-3724-4f74-88c7-ae06950d210b", "value": "https://www.dropbox.com/s/h2fvwzu43me3ieo/2015-03-21-payingday-biz-malware-exploits.zip?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d60dc-ef1c-4c28-a40c-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:53:00.000Z", "modified": "2015-06-02T07:53:00.000Z", "first_observed": "2015-06-02T07:53:00Z", "last_observed": "2015-06-02T07:53:00Z", "number_observed": 1, "object_refs": [ "url--556d60dc-ef1c-4c28-a40c-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d60dc-ef1c-4c28-a40c-ae06950d210b", "value": "https://www.virustotal.com/en/file/0b8e15124cb0365e16e837f76a6640fe1417e59d89d95c4a4438caed432dd280/analysis/1433112756/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d60dc-f07c-4baf-8458-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:53:00.000Z", "modified": "2015-06-02T07:53:00.000Z", "first_observed": "2015-06-02T07:53:00Z", "last_observed": "2015-06-02T07:53:00Z", "number_observed": 1, "object_refs": [ "url--556d60dc-f07c-4baf-8458-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d60dc-f07c-4baf-8458-ae06950d210b", "value": "https://www.virustotal.com/en/file/db5cbba38280afd4485def523de91cd324b070485fd28f90c2e69090b6bc7460/analysis/1433112766/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613c-5fdc-4ece-9e13-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:36.000Z", "modified": "2015-06-02T07:54:36.000Z", "first_observed": "2015-06-02T07:54:36Z", "last_observed": "2015-06-02T07:54:36Z", "number_observed": 1, "object_refs": [ "url--556d613c-5fdc-4ece-9e13-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613c-5fdc-4ece-9e13-ae06950d210b", "value": "https://www.dropbox.com/s/wvjq6sy6es1uklq/2015-03-10-payingday-net.pcap?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613d-455c-4da7-9a85-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:37.000Z", "modified": "2015-06-02T07:54:37.000Z", "first_observed": "2015-06-02T07:54:37Z", "last_observed": "2015-06-02T07:54:37Z", "number_observed": 1, "object_refs": [ "url--556d613d-455c-4da7-9a85-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613d-455c-4da7-9a85-ae06950d210b", "value": "https://www.dropbox.com/s/accjal4opyc8hgb/2015-03-10-payingday-net-malware-exploits.zip?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613d-2c98-4193-bc25-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:37.000Z", "modified": "2015-06-02T07:54:37.000Z", "first_observed": "2015-06-02T07:54:37Z", "last_observed": "2015-06-02T07:54:37Z", "number_observed": 1, "object_refs": [ "url--556d613d-2c98-4193-bc25-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613d-2c98-4193-bc25-ae06950d210b", "value": "https://www.virustotal.com/en/file/64913180a734e0127611104941f24cd2e454d80eca0c993a57287687e432bd18/analysis/1433112466/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613d-875c-4bf7-a19f-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:37.000Z", "modified": "2015-06-02T07:54:37.000Z", "first_observed": "2015-06-02T07:54:37Z", "last_observed": "2015-06-02T07:54:37Z", "number_observed": 1, "object_refs": [ "url--556d613d-875c-4bf7-a19f-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613d-875c-4bf7-a19f-ae06950d210b", "value": "https://www.virustotal.com/en/file/461c6f76b9f9a4804558559b0207aef96e0cd6faaaa1aeb51ec6031524809e3d/analysis/1433112475/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613d-c820-45fb-a6b7-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:37.000Z", "modified": "2015-06-02T07:54:37.000Z", "first_observed": "2015-06-02T07:54:37Z", "last_observed": "2015-06-02T07:54:37Z", "number_observed": 1, "object_refs": [ "url--556d613d-c820-45fb-a6b7-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613d-c820-45fb-a6b7-ae06950d210b", "value": "https://www.dropbox.com/s/w4akuoibm8h22nk/2015-03-06-payingdays-me.pcap?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613d-658c-446f-a083-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:37.000Z", "modified": "2015-06-02T07:54:37.000Z", "first_observed": "2015-06-02T07:54:37Z", "last_observed": "2015-06-02T07:54:37Z", "number_observed": 1, "object_refs": [ "url--556d613d-658c-446f-a083-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613d-658c-446f-a083-ae06950d210b", "value": "https://www.dropbox.com/s/qqx4d7k1se6v3fu/2015-03-06-payingdays-me-malware-exploits.zip?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613d-5854-4782-82c7-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:37.000Z", "modified": "2015-06-02T07:54:37.000Z", "first_observed": "2015-06-02T07:54:37Z", "last_observed": "2015-06-02T07:54:37Z", "number_observed": 1, "object_refs": [ "url--556d613d-5854-4782-82c7-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613d-5854-4782-82c7-ae06950d210b", "value": "https://www.virustotal.com/en/file/31a82064ac010cbd7ec75d02a8925df5a3351dea066a973ed480f47f0d843673/analysis/1433112355/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613d-6aa4-4d5b-8be4-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:37.000Z", "modified": "2015-06-02T07:54:37.000Z", "first_observed": "2015-06-02T07:54:37Z", "last_observed": "2015-06-02T07:54:37Z", "number_observed": 1, "object_refs": [ "url--556d613d-6aa4-4d5b-8be4-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613d-6aa4-4d5b-8be4-ae06950d210b", "value": "https://www.virustotal.com/en/file/11d111ea0068865d6b29b0952592dc36a3061878f9bcfa11512c3f7c8a7d8910/analysis/1433112352/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613d-f170-43e7-9080-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:37.000Z", "modified": "2015-06-02T07:54:37.000Z", "first_observed": "2015-06-02T07:54:37Z", "last_observed": "2015-06-02T07:54:37Z", "number_observed": 1, "object_refs": [ "url--556d613d-f170-43e7-9080-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613d-f170-43e7-9080-ae06950d210b", "value": "https://www.dropbox.com/s/ti2i9w95dqm3fj5/2015-03-05-payingdays-net.pcap?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613e-b63c-4623-86d3-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:38.000Z", "modified": "2015-06-02T07:54:38.000Z", "first_observed": "2015-06-02T07:54:38Z", "last_observed": "2015-06-02T07:54:38Z", "number_observed": 1, "object_refs": [ "url--556d613e-b63c-4623-86d3-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613e-b63c-4623-86d3-ae06950d210b", "value": "https://www.dropbox.com/s/xwrxr0kbs05ku3j/2015-03-05-payingdays-net-malware-exploits.zip?dl=0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613e-7534-401b-b2da-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:38.000Z", "modified": "2015-06-02T07:54:38.000Z", "first_observed": "2015-06-02T07:54:38Z", "last_observed": "2015-06-02T07:54:38Z", "number_observed": 1, "object_refs": [ "url--556d613e-7534-401b-b2da-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613e-7534-401b-b2da-ae06950d210b", "value": "https://www.virustotal.com/en/file/c17cc9c8cde83f2e8eca8c150dbb53bf3c21ea2f6f8d52fc3106a0d27ee54387/analysis/1433111134/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613e-56b8-4056-8569-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:38.000Z", "modified": "2015-06-02T07:54:38.000Z", "first_observed": "2015-06-02T07:54:38Z", "last_observed": "2015-06-02T07:54:38Z", "number_observed": 1, "object_refs": [ "url--556d613e-56b8-4056-8569-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613e-56b8-4056-8569-ae06950d210b", "value": "https://www.virustotal.com/en/file/9075693563391ceb6625607066c72c520b8c692fd5381555fadffbe783a672c0/analysis/1433111146/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d613e-cc40-4677-bb57-ae06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:54:38.000Z", "modified": "2015-06-02T07:54:38.000Z", "first_observed": "2015-06-02T07:54:38Z", "last_observed": "2015-06-02T07:54:38Z", "number_observed": 1, "object_refs": [ "url--556d613e-cc40-4677-bb57-ae06950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--556d613e-cc40-4677-bb57-ae06950d210b", "value": "https://www.virustotal.com/en/file/1a1354dfa543dc52472656891cd100e61f1a4e3cb1b6f9ed224286372182522c/analysis/1433111177/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61ca-b484-4678-aca0-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.60.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d61ca-1da8-4bea-bf45-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "first_observed": "2015-06-02T07:59:56Z", "last_observed": "2015-06-02T07:59:56Z", "number_observed": 1, "object_refs": [ "domain-name--556d61ca-1da8-4bea-bf45-c95a950d210b" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--556d61ca-1da8-4bea-bf45-c95a950d210b", "value": "ff.9e155ed.25ed.710.9683e.0b.ffe5d93.b6.ze46v5aetp.comparingcup.in" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cb-4d2c-42dd-a3a4-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.221.161.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cb-3374-45a9-89a8-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'filemade.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cb-ebd4-49f6-8842-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.23.6.131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cb-c86c-43eb-ba76-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'report.93u79i1793qgm31ws3e.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cb-f65c-4b06-989f-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.242.253.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cb-0180-4492-bfba-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'update2.ott3m4lh7.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cc-58d0-4227-8908-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.60.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d61cc-6e78-4bcc-ace1-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "first_observed": "2015-06-02T07:59:56Z", "last_observed": "2015-06-02T07:59:56Z", "number_observed": 1, "object_refs": [ "domain-name--556d61cc-6e78-4bcc-ace1-c95a950d210b" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--556d61cc-6e78-4bcc-ace1-c95a950d210b", "value": "3db1488.e9fa7.a0.23.d726.4909e.99.494a.4.ccgxn328.callheads.in" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cc-d48c-4365-8bad-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.107.31.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cc-63e8-4c3e-8458-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'azquasoft.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cc-b598-49bb-97d2-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.60.75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d61cc-92c8-4d53-8241-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "first_observed": "2015-06-02T07:59:56Z", "last_observed": "2015-06-02T07:59:56Z", "number_observed": 1, "object_refs": [ "domain-name--556d61cc-92c8-4d53-8241-c95a950d210b" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--556d61cc-92c8-4d53-8241-c95a950d210b", "value": "8c521.8a03680.af2411.c3788c.eb8eba8.c.e5rxa5b3.linesadded.in" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cc-b3ac-471a-a920-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:57:00.000Z", "modified": "2015-06-02T07:57:00.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.147.242.171']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:57:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cc-f698-4e88-9566-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'judora-ng.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cd-d3ec-4636-8d5c-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:57:01.000Z", "modified": "2015-06-02T07:57:01.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.195.198.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:57:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cd-de60-48cf-85c1-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'tryea.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cd-26a8-4cb3-a5ba-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:57:01.000Z", "modified": "2015-06-02T07:57:01.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.254.81.96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:57:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cd-b0b0-4952-a0c2-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'aseanian.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d61cd-3ebc-455e-a535-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "first_observed": "2015-06-02T07:59:56Z", "last_observed": "2015-06-02T07:59:56Z", "number_observed": 1, "object_refs": [ "domain-name--556d61cd-3ebc-455e-a535-c95a950d210b" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--556d61cd-3ebc-455e-a535-c95a950d210b", "value": "a10.04854f.a9d.01d9.74ecbb.fbc.2883.f52.j77ea490.inchstraining.in" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cd-11a0-4b3b-8706-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:57:01.000Z", "modified": "2015-06-02T07:57:01.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '182.92.74.222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:57:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61cd-b01c-449c-ba7b-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'geiliyou.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61ce-6a4c-4aef-9e4d-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:57:02.000Z", "modified": "2015-06-02T07:57:02.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.172.189.238']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:57:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--556d61ce-5d28-4d1e-b280-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "first_observed": "2015-06-02T07:59:56Z", "last_observed": "2015-06-02T07:59:56Z", "number_observed": 1, "object_refs": [ "domain-name--556d61ce-5d28-4d1e-b280-c95a950d210b" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--556d61ce-5d28-4d1e-b280-c95a950d210b", "value": "23bc.f1e.8198117.4140.640.e6.1c836.aa5a.y4p52s21bnb.adoptsmaterial.pw" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61ce-0130-4c17-ae26-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:57:02.000Z", "modified": "2015-06-02T07:57:02.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.34.157.174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:57:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556d61ce-e288-47bf-b413-c95a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-06-02T07:59:56.000Z", "modified": "2015-06-02T07:59:56.000Z", "pattern": "[domain-name:value = 'alimco.com.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-06-02T07:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }