{ "type": "bundle", "id": "bundle--578cca12-1490-4cee-85de-4c29950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:25:04.000Z", "modified": "2016-07-18T12:25:04.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--578cca12-1490-4cee-85de-4c29950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:25:04.000Z", "modified": "2016-07-18T12:25:04.000Z", "name": "Malspam 2016-07-18 .wsf (campaign: \"bank account report\")", "published": "2016-07-18T12:25:34Z", "object_refs": [ "indicator--578cca51-f1ac-4ef8-a054-4f95950d210f", "indicator--578cca51-150c-4d19-93e2-4988950d210f", "indicator--578cca52-6480-4bde-9607-4d43950d210f", "indicator--578cca52-be58-4b9e-8ac5-4a74950d210f", "indicator--578cca53-e39c-4eb9-a7ee-434d950d210f", "indicator--578cca53-b100-4f68-948c-4776950d210f", "indicator--578cca53-1334-4097-97be-4563950d210f", "indicator--578cca54-e8d0-4690-8540-43de950d210f", "indicator--578cca54-3d38-4815-a76a-4722950d210f", "indicator--578cca55-4aa4-43ec-9836-4ecd950d210f", "indicator--578cca55-0174-4e64-b0b0-49e6950d210f", "indicator--578cca55-c288-4c80-a522-49d5950d210f", "indicator--578cca56-e0ac-4d83-829d-4479950d210f", "indicator--578cca56-ab48-4e37-923b-49e9950d210f", "indicator--578cca57-479c-4495-950e-40a6950d210f", "indicator--578cca57-1d70-4118-9708-4daa950d210f", "indicator--578cca57-fa1c-45b0-ae8e-4668950d210f", "indicator--578cca58-9e7c-41c7-9bbd-44e7950d210f", "indicator--578cca58-6354-4c53-bfd3-4c0f950d210f", "indicator--578cca59-02ec-4ec3-bc2e-4cf1950d210f", "indicator--578cca59-8108-445f-829c-48ce950d210f", "indicator--578cca59-09dc-4287-8922-4231950d210f", "indicator--578cca5a-4df4-466e-a74d-4a77950d210f", "indicator--578cca5a-123c-450b-b601-4cba950d210f", "indicator--578cca5b-3044-4e4d-846b-49df950d210f", "indicator--578cca5b-4a24-477f-908c-4ef1950d210f", "indicator--578cca5b-04f0-4501-b319-4f16950d210f", "indicator--578cca5c-7b90-4531-8939-4ce4950d210f", "indicator--578cca5c-a1bc-476e-ab0f-4b61950d210f", "indicator--578cca5d-9304-48b9-abfd-4959950d210f", "indicator--578cca5d-8bbc-4f81-b8c7-4532950d210f", "indicator--578cca5d-5e44-49a4-8a1b-490f950d210f", "indicator--578cca5e-1684-426c-8944-4820950d210f", "indicator--578cca5e-d7e0-4170-829a-4ab5950d210f", "indicator--578cca5f-e8d0-4acd-870e-45de950d210f", "indicator--578cca5f-5438-4075-9f79-4710950d210f", "indicator--578cca5f-3a24-47ff-baa0-4478950d210f", "indicator--578cca60-e628-4e40-b77e-4bae950d210f", "indicator--578cca60-e1b8-43f8-8ee1-43d4950d210f", "indicator--578cca61-9b84-42c2-b22a-4d66950d210f", "indicator--578cca61-2980-4693-8051-41e9950d210f", "indicator--578cca61-2a80-441a-82db-42e4950d210f", "indicator--578cca62-b4bc-43cc-a918-41ad950d210f", "indicator--578cca62-22e4-4e13-8d6b-4800950d210f", "indicator--578cca63-d4e8-4f89-b2ce-4b28950d210f", "indicator--578cca63-86ec-44a2-be26-41b1950d210f", "indicator--578cca63-10b4-4b37-a268-4506950d210f", "indicator--578cca64-b7f0-4c8c-95e2-42f2950d210f", "indicator--578cca64-ba44-43e4-a812-4510950d210f", "indicator--578cca64-60f4-4a1c-899c-47e1950d210f", "indicator--578cca65-0488-4b26-b2d2-4886950d210f", "indicator--578cca65-81b4-4acd-a471-482e950d210f", "indicator--578cca66-3734-4f58-9248-45b1950d210f", "indicator--578cca66-e268-4de1-bb44-4c5c950d210f", "indicator--578cca66-f9cc-4ea7-b9ea-47ec950d210f", "indicator--578cca67-9824-4a06-aa93-4462950d210f", "indicator--578cca67-1d44-4239-a8dc-4d9f950d210f", "indicator--578cca68-62f8-403a-988f-45c0950d210f", "indicator--578cca68-9b84-4656-bcf7-4131950d210f", "indicator--578cca68-80f4-46e7-921c-4b95950d210f", "x-misp-attribute--578cca7f-8d90-44e1-9e17-43a0950d210f", "observed-data--578ccaa0-c950-47c4-b4f7-457d950d210f", "email-message--578ccaa0-c950-47c4-b4f7-457d950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca51-f1ac-4ef8-a054-4f95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:45.000Z", "modified": "2016-07-18T12:23:45.000Z", "description": "download location", "pattern": "[url:value = 'http://ecpi.ro/cqema']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca51-150c-4d19-93e2-4988950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:45.000Z", "modified": "2016-07-18T12:23:45.000Z", "description": "download location", "pattern": "[domain-name:value = 'ecpi.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca52-6480-4bde-9607-4d43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:46.000Z", "modified": "2016-07-18T12:23:46.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.42.223.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca52-be58-4b9e-8ac5-4a74950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:46.000Z", "modified": "2016-07-18T12:23:46.000Z", "description": "download location", "pattern": "[url:value = 'http://provincialpw.com/r0vaqf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca53-e39c-4eb9-a7ee-434d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:47.000Z", "modified": "2016-07-18T12:23:47.000Z", "description": "download location", "pattern": "[domain-name:value = 'provincialpw.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca53-b100-4f68-948c-4776950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:47.000Z", "modified": "2016-07-18T12:23:47.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '160.153.54.35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca53-1334-4097-97be-4563950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:47.000Z", "modified": "2016-07-18T12:23:47.000Z", "description": "download location", "pattern": "[url:value = 'http://matthewmccright.org/sl8wu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca54-e8d0-4690-8540-43de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:48.000Z", "modified": "2016-07-18T12:23:48.000Z", "description": "download location", "pattern": "[domain-name:value = 'matthewmccright.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca54-3d38-4815-a76a-4722950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:48.000Z", "modified": "2016-07-18T12:23:48.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.13.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca55-4aa4-43ec-9836-4ecd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:49.000Z", "modified": "2016-07-18T12:23:49.000Z", "description": "download location", "pattern": "[url:value = 'http://kouzoncorporation.com/jikkhl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca55-0174-4e64-b0b0-49e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:49.000Z", "modified": "2016-07-18T12:23:49.000Z", "description": "download location", "pattern": "[domain-name:value = 'kouzoncorporation.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca55-c288-4c80-a522-49d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:49.000Z", "modified": "2016-07-18T12:23:49.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.85.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca56-e0ac-4d83-829d-4479950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:50.000Z", "modified": "2016-07-18T12:23:50.000Z", "description": "download location", "pattern": "[url:value = 'http://ahatv.com.au/twh7xv']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca56-ab48-4e37-923b-49e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:50.000Z", "modified": "2016-07-18T12:23:50.000Z", "description": "download location", "pattern": "[domain-name:value = 'ahatv.com.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca57-479c-4495-950e-40a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:51.000Z", "modified": "2016-07-18T12:23:51.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.226.221.161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca57-1d70-4118-9708-4daa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:51.000Z", "modified": "2016-07-18T12:23:51.000Z", "description": "download location", "pattern": "[url:value = 'http://davisdoherty.co.nz/g0vi70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca57-fa1c-45b0-ae8e-4668950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:51.000Z", "modified": "2016-07-18T12:23:51.000Z", "description": "download location", "pattern": "[domain-name:value = 'davisdoherty.co.nz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca58-9e7c-41c7-9bbd-44e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:52.000Z", "modified": "2016-07-18T12:23:52.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.234.42.102']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca58-6354-4c53-bfd3-4c0f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:52.000Z", "modified": "2016-07-18T12:23:52.000Z", "description": "download location", "pattern": "[url:value = 'http://my-result.ru/0j1nlpj8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca59-02ec-4ec3-bc2e-4cf1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:53.000Z", "modified": "2016-07-18T12:23:53.000Z", "description": "download location", "pattern": "[domain-name:value = 'my-result.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca59-8108-445f-829c-48ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:53.000Z", "modified": "2016-07-18T12:23:53.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.163.18.88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca59-09dc-4287-8922-4231950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:53.000Z", "modified": "2016-07-18T12:23:53.000Z", "description": "download location", "pattern": "[url:value = 'http://blackdildo.net/h9kyu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5a-4df4-466e-a74d-4a77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:54.000Z", "modified": "2016-07-18T12:23:54.000Z", "description": "download location", "pattern": "[domain-name:value = 'blackdildo.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5a-123c-450b-b601-4cba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:54.000Z", "modified": "2016-07-18T12:23:54.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.31.160.94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5b-3044-4e4d-846b-49df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:55.000Z", "modified": "2016-07-18T12:23:55.000Z", "description": "download location", "pattern": "[url:value = 'http://gruposoluciomatica.com.br/ryi81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5b-4a24-477f-908c-4ef1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:55.000Z", "modified": "2016-07-18T12:23:55.000Z", "description": "download location", "pattern": "[domain-name:value = 'gruposoluciomatica.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5b-04f0-4501-b319-4f16950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:55.000Z", "modified": "2016-07-18T12:23:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.17.98.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5c-7b90-4531-8939-4ce4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:56.000Z", "modified": "2016-07-18T12:23:56.000Z", "description": "download location", "pattern": "[url:value = 'http://benavidezhoy.com/8zrg48k']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5c-a1bc-476e-ab0f-4b61950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:56.000Z", "modified": "2016-07-18T12:23:56.000Z", "description": "download location", "pattern": "[domain-name:value = 'benavidezhoy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5d-9304-48b9-abfd-4959950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:57.000Z", "modified": "2016-07-18T12:23:57.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.16.243.28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5d-8bbc-4f81-b8c7-4532950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:57.000Z", "modified": "2016-07-18T12:23:57.000Z", "description": "download location", "pattern": "[url:value = 'http://rsxxx.com/3vp8s83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5d-5e44-49a4-8a1b-490f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:57.000Z", "modified": "2016-07-18T12:23:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'rsxxx.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5e-1684-426c-8944-4820950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:58.000Z", "modified": "2016-07-18T12:23:58.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.50.139.6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5e-d7e0-4170-829a-4ab5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:58.000Z", "modified": "2016-07-18T12:23:58.000Z", "description": "download location", "pattern": "[url:value = 'http://findmobileauto.com/gh8ft']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5f-e8d0-4acd-870e-45de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:59.000Z", "modified": "2016-07-18T12:23:59.000Z", "description": "download location", "pattern": "[domain-name:value = 'findmobileauto.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5f-5438-4075-9f79-4710950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:59.000Z", "modified": "2016-07-18T12:23:59.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.196.208']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca5f-3a24-47ff-baa0-4478950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:23:59.000Z", "modified": "2016-07-18T12:23:59.000Z", "description": "download location", "pattern": "[url:value = 'http://christian-view.com/rwe24t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:23:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca60-e628-4e40-b77e-4bae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:00.000Z", "modified": "2016-07-18T12:24:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'christian-view.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca60-e1b8-43f8-8ee1-43d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:00.000Z", "modified": "2016-07-18T12:24:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.90.163.170']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca61-9b84-42c2-b22a-4d66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:01.000Z", "modified": "2016-07-18T12:24:01.000Z", "description": "download location", "pattern": "[url:value = 'http://deanstum.com/z9opr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca61-2980-4693-8051-41e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:01.000Z", "modified": "2016-07-18T12:24:01.000Z", "description": "download location", "pattern": "[domain-name:value = 'deanstum.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca61-2a80-441a-82db-42e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:01.000Z", "modified": "2016-07-18T12:24:01.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.229.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca62-b4bc-43cc-a918-41ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:02.000Z", "modified": "2016-07-18T12:24:02.000Z", "description": "download location", "pattern": "[url:value = 'http://eurasian.fc2web.com/18nws9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca62-22e4-4e13-8d6b-4800950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:02.000Z", "modified": "2016-07-18T12:24:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'eurasian.fc2web.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca63-d4e8-4f89-b2ce-4b28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:03.000Z", "modified": "2016-07-18T12:24:03.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca63-86ec-44a2-be26-41b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:03.000Z", "modified": "2016-07-18T12:24:03.000Z", "description": "download location", "pattern": "[url:value = 'http://bigislandhawaiihilorealestate.com/16h9p']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca63-10b4-4b37-a268-4506950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:03.000Z", "modified": "2016-07-18T12:24:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'bigislandhawaiihilorealestate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca64-b7f0-4c8c-95e2-42f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:04.000Z", "modified": "2016-07-18T12:24:04.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.24.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca64-ba44-43e4-a812-4510950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:04.000Z", "modified": "2016-07-18T12:24:04.000Z", "description": "download location", "pattern": "[url:value = 'http://ilkhaberadana.com/rmegjezz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca64-60f4-4a1c-899c-47e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:04.000Z", "modified": "2016-07-18T12:24:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'ilkhaberadana.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca65-0488-4b26-b2d2-4886950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:05.000Z", "modified": "2016-07-18T12:24:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '159.253.46.194']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca65-81b4-4acd-a471-482e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:05.000Z", "modified": "2016-07-18T12:24:05.000Z", "description": "download location", "pattern": "[url:value = 'http://aquatixbottle.com/ygyngc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca66-3734-4f58-9248-45b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:06.000Z", "modified": "2016-07-18T12:24:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'aquatixbottle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca66-e268-4de1-bb44-4c5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:06.000Z", "modified": "2016-07-18T12:24:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.212.231']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca66-f9cc-4ea7-b9ea-47ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:06.000Z", "modified": "2016-07-18T12:24:06.000Z", "description": "download location", "pattern": "[url:value = 'http://fusofrance.fr/nengga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca67-9824-4a06-aa93-4462950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:07.000Z", "modified": "2016-07-18T12:24:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'fusofrance.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca67-1d44-4239-a8dc-4d9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:07.000Z", "modified": "2016-07-18T12:24:07.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca68-62f8-403a-988f-45c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:08.000Z", "modified": "2016-07-18T12:24:08.000Z", "description": "download location", "pattern": "[url:value = 'http://bizconsulting.ro/bm8s7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca68-9b84-4656-bcf7-4131950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:08.000Z", "modified": "2016-07-18T12:24:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'bizconsulting.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--578cca68-80f4-46e7-921c-4b95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:08.000Z", "modified": "2016-07-18T12:24:08.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.35.15.215']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-18T12:24:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--578cca7f-8d90-44e1-9e17-43a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:24:31.000Z", "modified": "2016-07-18T12:24:31.000Z", "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_type": "user-agent", "x_misp_value": "User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--578ccaa0-c950-47c4-b4f7-457d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-18T12:25:04.000Z", "modified": "2016-07-18T12:25:04.000Z", "first_observed": "2016-07-18T12:25:04Z", "last_observed": "2016-07-18T12:25:04Z", "number_observed": 1, "object_refs": [ "email-message--578ccaa0-c950-47c4-b4f7-457d950d210f" ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--578ccaa0-c950-47c4-b4f7-457d950d210f", "is_multipart": false, "subject": "bank account report" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }