{ "type": "bundle", "id": "bundle--576d3a39-fe90-4921-85cc-4e3c950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T15:14:20.000Z", "modified": "2016-06-24T15:14:20.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--576d3a39-fe90-4921-85cc-4e3c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T15:14:20.000Z", "modified": "2016-06-24T15:14:20.000Z", "name": "Malspam 2016-06-24 (Locky)", "published": "2016-06-24T15:18:16Z", "object_refs": [ "indicator--576d3a7e-6310-4ee7-9f59-471f950d210f", "indicator--576d3a7e-64ec-498d-bd9d-4746950d210f", "indicator--576d3a7e-ba14-4f53-b6fb-477c950d210f", "indicator--576d3a7e-4c04-45d7-8485-4049950d210f", "indicator--576d3a7f-85f8-477a-b3dc-469b950d210f", "indicator--576d3a7f-dfd0-4cfe-8b0b-4c2f950d210f", "indicator--576d3a7f-4d20-40c8-bc64-4dbf950d210f", "indicator--576d3a7f-8420-4614-b5d1-48b0950d210f", "indicator--576d3a7f-d254-40f6-bb7d-493a950d210f", "indicator--576d3a7f-44fc-4b9f-b93b-4128950d210f", "indicator--576d3a80-ab58-41e6-a6ae-43aa950d210f", "indicator--576d3a80-c5dc-4e40-800d-47b1950d210f", "indicator--576d3a80-65fc-4439-84d1-400e950d210f", "indicator--576d3a80-9df0-410e-a14d-4414950d210f", "indicator--576d3a80-4a84-4fb6-9bf4-42db950d210f", "indicator--576d3a81-9874-4f9a-9f07-4d3b950d210f", "indicator--576d3a81-7e20-4a84-8b50-4dc9950d210f", "indicator--576d3a81-b5dc-4bcc-8511-477e950d210f", "indicator--576d3a81-1d08-4015-aa0d-46e9950d210f", "indicator--576d3a81-f694-45c2-b51d-41cb950d210f", "indicator--576d3a82-04e4-45a7-beca-492a950d210f", "indicator--576d3a82-6618-42a0-93e3-4684950d210f", "indicator--576d3a82-1a34-46eb-be96-4b16950d210f", "indicator--576d3a82-5728-4d88-b437-4732950d210f", "indicator--576d3a82-fcc4-49ad-b937-4829950d210f", "indicator--576d3a83-7dd0-4bb2-b061-4da6950d210f", "indicator--576d3a83-5c4c-4559-977f-4d45950d210f", "indicator--576d3a83-697c-446c-bfca-4d04950d210f", "indicator--576d3a83-898c-4997-add0-4c2c950d210f", "indicator--576d3a83-c95c-456c-97ae-46ba950d210f", "indicator--576d3a83-6ba8-4f2b-bc4f-4c94950d210f", "indicator--576d3a84-ebc0-4d8c-91d2-4cfe950d210f", "indicator--576d3a84-3278-4c82-987f-4a18950d210f", "indicator--576d3a84-6808-4055-966c-410b950d210f", "indicator--576d3a84-2a34-4d9f-aada-41ab950d210f", "indicator--576d3a85-7b94-4c1f-8800-44a3950d210f", "indicator--576d3a85-1194-4994-8fad-4793950d210f", "indicator--576d3a85-b254-440d-a288-42be950d210f", "indicator--576d3a85-cc3c-4748-bfa8-4ffe950d210f", "indicator--576d3a85-f1f0-4d6f-903d-4df8950d210f", "indicator--576d3a86-81b4-4d0f-b0b7-472f950d210f", "indicator--576d3a86-3138-4c3e-8b66-440e950d210f", "indicator--576d3a86-0920-498b-bb53-4fec950d210f", "indicator--576d3a86-a970-430b-962e-448d950d210f", "indicator--576d3a86-2968-4f06-a08f-47e6950d210f", "indicator--576d3a87-e088-42bd-bed4-4f8d950d210f", "indicator--576d3a87-6b0c-4dba-aab3-424a950d210f", "indicator--576d3a87-6228-4809-9380-4b5c950d210f", "indicator--576d3a87-e0c0-48de-86db-49ae950d210f", "indicator--576d3a87-23ac-4ee2-bc10-407a950d210f", "indicator--576d3a88-a7b0-4051-9cc7-475e950d210f", "indicator--576d3a88-b9c4-4aa3-948e-4b3b950d210f", "indicator--576d3a88-39fc-416c-a8fd-4836950d210f", "indicator--576d3a88-290c-4e62-973a-4abc950d210f", "indicator--576d3a88-d5e0-464d-8744-450d950d210f", "indicator--576d3a89-8d14-4605-8907-4b0d950d210f", "indicator--576d3a89-f648-442b-b188-452b950d210f", "indicator--576d3a89-e8e8-479e-9d75-4b0d950d210f", "indicator--576d3a89-4f3c-4512-887d-4b18950d210f", "indicator--576d3a89-4d08-4750-b484-45d5950d210f", "indicator--576d3a8a-5f0c-48e8-b96f-4585950d210f", "indicator--576d3a8a-5cc4-452b-bc88-48fe950d210f", "indicator--576d3a8a-51fc-454f-b687-4876950d210f", "indicator--576d3a8a-385c-4573-a624-44f2950d210f", "indicator--576d3a8a-3f9c-488c-bde0-469a950d210f", "indicator--576d3a8a-1ec8-4579-8b13-41c6950d210f", "indicator--576d3a8b-f06c-4b19-a406-4cb6950d210f", "indicator--576d4e4b-6ecc-4952-bc2c-4a09950d210f", "indicator--576d4e4b-6478-46b7-b746-495d950d210f", "indicator--576d4e4b-c338-4d05-a6eb-4dc6950d210f", "indicator--576d4e4c-3328-4331-9cfe-4980950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7e-6310-4ee7-9f59-471f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:50.000Z", "modified": "2016-06-24T13:49:50.000Z", "description": "download location", "pattern": "[url:value = 'http://neoventtechnologies.com/bvbebi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7e-64ec-498d-bd9d-4746950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:50.000Z", "modified": "2016-06-24T13:49:50.000Z", "description": "download location", "pattern": "[domain-name:value = 'neoventtechnologies.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7e-ba14-4f53-b6fb-477c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:50.000Z", "modified": "2016-06-24T13:49:50.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.235.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7e-4c04-45d7-8485-4049950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:50.000Z", "modified": "2016-06-24T13:49:50.000Z", "description": "download location", "pattern": "[url:value = 'http://www.members.aon.at/~cfabian1/56v7o']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7f-85f8-477a-b3dc-469b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:51.000Z", "modified": "2016-06-24T13:49:51.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.members.aon.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7f-dfd0-4cfe-8b0b-4c2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:51.000Z", "modified": "2016-06-24T13:49:51.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.3.96.72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7f-4d20-40c8-bc64-4dbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:51.000Z", "modified": "2016-06-24T13:49:51.000Z", "description": "download location", "pattern": "[url:value = 'http://sherlock.uvishere.com/lzjgi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7f-8420-4614-b5d1-48b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:51.000Z", "modified": "2016-06-24T13:49:51.000Z", "description": "download location", "pattern": "[domain-name:value = 'sherlock.uvishere.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7f-d254-40f6-bb7d-493a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:51.000Z", "modified": "2016-06-24T13:49:51.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.195.124.97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a7f-44fc-4b9f-b93b-4128950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:51.000Z", "modified": "2016-06-24T13:49:51.000Z", "description": "download location", "pattern": "[url:value = 'http://80.109.240.71/~m.lingg/ghpeaew']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a80-ab58-41e6-a6ae-43aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:52.000Z", "modified": "2016-06-24T13:49:52.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.109.240.71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a80-c5dc-4e40-800d-47b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:52.000Z", "modified": "2016-06-24T13:49:52.000Z", "description": "download location", "pattern": "[url:value = 'http://formateam-finance.com/3n72h']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a80-65fc-4439-84d1-400e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:52.000Z", "modified": "2016-06-24T13:49:52.000Z", "description": "download location", "pattern": "[domain-name:value = 'formateam-finance.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a80-9df0-410e-a14d-4414950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:52.000Z", "modified": "2016-06-24T13:49:52.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a80-4a84-4fb6-9bf4-42db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:52.000Z", "modified": "2016-06-24T13:49:52.000Z", "description": "download location", "pattern": "[url:value = 'http://camera-test.hi2.ro/msjs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a81-9874-4f9a-9f07-4d3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:53.000Z", "modified": "2016-06-24T13:49:53.000Z", "description": "download location", "pattern": "[domain-name:value = 'camera-test.hi2.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a81-7e20-4a84-8b50-4dc9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:53.000Z", "modified": "2016-06-24T13:49:53.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.42.39.67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a81-b5dc-4bcc-8511-477e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:53.000Z", "modified": "2016-06-24T13:49:53.000Z", "description": "download location", "pattern": "[url:value = 'http://212.40.5.95/~tonex/9ln841']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a81-1d08-4015-aa0d-46e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:53.000Z", "modified": "2016-06-24T13:49:53.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.40.5.95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a81-f694-45c2-b51d-41cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:53.000Z", "modified": "2016-06-24T13:49:53.000Z", "description": "download location", "pattern": "[url:value = 'http://217.26.70.230/~altomdo/09uom']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a82-04e4-45a7-beca-492a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:54.000Z", "modified": "2016-06-24T13:49:54.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.26.70.230']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a82-6618-42a0-93e3-4684950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:54.000Z", "modified": "2016-06-24T13:49:54.000Z", "description": "download location", "pattern": "[url:value = 'http://www.hotelmoonnightnikola.free.bg/k499xf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a82-1a34-46eb-be96-4b16950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:54.000Z", "modified": "2016-06-24T13:49:54.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.hotelmoonnightnikola.free.bg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a82-5728-4d88-b437-4732950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:54.000Z", "modified": "2016-06-24T13:49:54.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.40.80.188']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a82-fcc4-49ad-b937-4829950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:54.000Z", "modified": "2016-06-24T13:49:54.000Z", "description": "download location", "pattern": "[url:value = 'http://camera-test.hi2.ro/kezw5md']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a83-7dd0-4bb2-b061-4da6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:55.000Z", "modified": "2016-06-24T13:49:55.000Z", "description": "download location", "pattern": "[url:value = 'http://205.167.142.107/~3kelly/bqsm9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a83-5c4c-4559-977f-4d45950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:55.000Z", "modified": "2016-06-24T13:49:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '205.167.142.107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a83-697c-446c-bfca-4d04950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:55.000Z", "modified": "2016-06-24T13:49:55.000Z", "description": "download location", "pattern": "[url:value = 'http://www.fancyupage.com/webroot/1nemk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a83-898c-4997-add0-4c2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:55.000Z", "modified": "2016-06-24T13:49:55.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.fancyupage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a83-c95c-456c-97ae-46ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:55.000Z", "modified": "2016-06-24T13:49:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.36.128']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a83-6ba8-4f2b-bc4f-4c94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:55.000Z", "modified": "2016-06-24T13:49:55.000Z", "description": "download location", "pattern": "[url:value = 'http://www.beautycollegeofamca.com/h17if71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a84-ebc0-4d8c-91d2-4cfe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:56.000Z", "modified": "2016-06-24T13:49:56.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.beautycollegeofamca.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a84-3278-4c82-987f-4a18950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:56.000Z", "modified": "2016-06-24T13:49:56.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.191.132']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a84-6808-4055-966c-410b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:56.000Z", "modified": "2016-06-24T13:49:56.000Z", "description": "download location", "pattern": "[url:value = 'http://23.229.137.8/~monkeyadvertisin/8vks94cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a84-2a34-4d9f-aada-41ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:56.000Z", "modified": "2016-06-24T13:49:56.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.137.8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a85-7b94-4c1f-8800-44a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:57.000Z", "modified": "2016-06-24T13:49:57.000Z", "description": "download location", "pattern": "[url:value = 'http://emisije.sezamprodukcija.com/3o9v8rp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a85-1194-4994-8fad-4793950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:57.000Z", "modified": "2016-06-24T13:49:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'emisije.sezamprodukcija.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a85-b254-440d-a288-42be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:57.000Z", "modified": "2016-06-24T13:49:57.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.187.199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a85-cc3c-4748-bfa8-4ffe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:57.000Z", "modified": "2016-06-24T13:49:57.000Z", "description": "download location", "pattern": "[url:value = 'http://www.cbactive.com/d8kn9vtb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a85-f1f0-4d6f-903d-4df8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:57.000Z", "modified": "2016-06-24T13:49:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.cbactive.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a86-81b4-4d0f-b0b7-472f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:58.000Z", "modified": "2016-06-24T13:49:58.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.171.33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a86-3138-4c3e-8b66-440e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:58.000Z", "modified": "2016-06-24T13:49:58.000Z", "description": "download location", "pattern": "[url:value = 'http://ws.osenilo.com/7lurx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a86-0920-498b-bb53-4fec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:58.000Z", "modified": "2016-06-24T13:49:58.000Z", "description": "download location", "pattern": "[domain-name:value = 'ws.osenilo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a86-a970-430b-962e-448d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:58.000Z", "modified": "2016-06-24T13:49:58.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.230.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a86-2968-4f06-a08f-47e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:58.000Z", "modified": "2016-06-24T13:49:58.000Z", "description": "download location", "pattern": "[url:value = 'http://sherlock.uvishere.com/jw0qtxrr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a87-e088-42bd-bed4-4f8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:59.000Z", "modified": "2016-06-24T13:49:59.000Z", "description": "download location", "pattern": "[url:value = 'http://67.199.50.113/a3cs5og0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a87-6b0c-4dba-aab3-424a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:59.000Z", "modified": "2016-06-24T13:49:59.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.199.50.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a87-6228-4809-9380-4b5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:59.000Z", "modified": "2016-06-24T13:49:59.000Z", "description": "download location", "pattern": "[url:value = 'http://queza.com/buodw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a87-e0c0-48de-86db-49ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:59.000Z", "modified": "2016-06-24T13:49:59.000Z", "description": "download location", "pattern": "[domain-name:value = 'queza.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a87-23ac-4ee2-bc10-407a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:49:59.000Z", "modified": "2016-06-24T13:49:59.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.88.57.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:49:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a88-a7b0-4051-9cc7-475e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:00.000Z", "modified": "2016-06-24T13:50:00.000Z", "description": "download location", "pattern": "[url:value = 'http://noriegachiropracticclinics.com/g2isru1k']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a88-b9c4-4aa3-948e-4b3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:00.000Z", "modified": "2016-06-24T13:50:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'noriegachiropracticclinics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a88-39fc-416c-a8fd-4836950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:00.000Z", "modified": "2016-06-24T13:50:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '138.229.65.9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a88-290c-4e62-973a-4abc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:00.000Z", "modified": "2016-06-24T13:50:00.000Z", "description": "download location", "pattern": "[url:value = 'http://pinakfoods.com/794vi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a88-d5e0-464d-8744-450d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:00.000Z", "modified": "2016-06-24T13:50:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'pinakfoods.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a89-8d14-4605-8907-4b0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:01.000Z", "modified": "2016-06-24T13:50:01.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '160.153.35.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a89-f648-442b-b188-452b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:01.000Z", "modified": "2016-06-24T13:50:01.000Z", "description": "download location", "pattern": "[url:value = 'http://www.hotelmoonnightnikola.free.bg/mk6a3w3z']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a89-e8e8-479e-9d75-4b0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:01.000Z", "modified": "2016-06-24T13:50:01.000Z", "description": "download location", "pattern": "[url:value = 'http://www.beautycollegeofamca.com/gfzbzv9j']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a89-4f3c-4512-887d-4b18950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:01.000Z", "modified": "2016-06-24T13:50:01.000Z", "description": "download location", "pattern": "[url:value = 'http://layaligroup.com/3hcutyd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a89-4d08-4750-b484-45d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:01.000Z", "modified": "2016-06-24T13:50:01.000Z", "description": "download location", "pattern": "[domain-name:value = 'layaligroup.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a8a-5f0c-48e8-b96f-4585950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:02.000Z", "modified": "2016-06-24T13:50:02.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.51.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a8a-5cc4-452b-bc88-48fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:02.000Z", "modified": "2016-06-24T13:50:02.000Z", "description": "download location", "pattern": "[url:value = 'http://salisburyjc.com/2l72hnm2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a8a-51fc-454f-b687-4876950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:02.000Z", "modified": "2016-06-24T13:50:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'salisburyjc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a8a-385c-4573-a624-44f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:02.000Z", "modified": "2016-06-24T13:50:02.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.116.77.52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a8a-3f9c-488c-bde0-469a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:02.000Z", "modified": "2016-06-24T13:50:02.000Z", "description": "download location", "pattern": "[url:value = 'http://kksokol.euweb.cz/2d0b27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a8a-1ec8-4579-8b13-41c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:02.000Z", "modified": "2016-06-24T13:50:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'kksokol.euweb.cz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d3a8b-f06c-4b19-a406-4cb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T13:50:03.000Z", "modified": "2016-06-24T13:50:03.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.86.117.154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T13:50:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d4e4b-6ecc-4952-bc2c-4a09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T15:14:19.000Z", "modified": "2016-06-24T15:14:19.000Z", "description": "download location", "pattern": "[url:value = 'http://210.116.102.7/2s4x7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T15:14:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d4e4b-6478-46b7-b746-495d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T15:14:19.000Z", "modified": "2016-06-24T15:14:19.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.116.102.7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T15:14:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d4e4b-c338-4d05-a6eb-4dc6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T15:14:19.000Z", "modified": "2016-06-24T15:14:19.000Z", "description": "download location", "pattern": "[url:value = 'http://217.26.70.100/~rollbar/f4duk2jd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T15:14:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--576d4e4c-3328-4331-9cfe-4980950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-06-24T15:14:20.000Z", "modified": "2016-06-24T15:14:20.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.26.70.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-06-24T15:14:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }