{ "type": "bundle", "id": "bundle--57b5adc4-9f48-4cb4-9a0b-4471950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:49:24.000Z", "modified": "2016-08-18T12:49:24.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57b5adc4-9f48-4cb4-9a0b-4471950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:49:24.000Z", "modified": "2016-08-18T12:49:24.000Z", "name": "Malspam 2016-08-18 (.wsf in .zip) - campaign: \"Emailing: Label\"", "published": "2016-08-18T14:12:05Z", "object_refs": [ "indicator--57b5adf6-4820-48ff-9a19-4dca950d210f", "indicator--57b5adf6-3130-480c-ab96-4904950d210f", "indicator--57b5adf6-9bb4-4a7c-b821-4aab950d210f", "indicator--57b5adf6-6228-4762-a72c-47d0950d210f", "indicator--57b5adf6-33a8-495d-b3bf-41cd950d210f", "indicator--57b5adf7-14f0-4ef2-adb7-4f11950d210f", "indicator--57b5adf7-1d70-4f73-b6f9-4804950d210f", "indicator--57b5adf7-ecd0-4781-8d14-4a81950d210f", "indicator--57b5adf7-a434-49bc-9955-4415950d210f", "indicator--57b5ae06-c614-484f-b6bb-433d950d210f", "indicator--57b5ae06-9994-4cb9-b0f5-4530950d210f", "indicator--57b5ae06-6060-4943-86d4-4aab950d210f", "indicator--57b5ae07-01f0-4a8f-ad1e-477f950d210f", "indicator--57b5ae07-5a84-4e0f-8273-4bef950d210f", "indicator--57b5ae07-3438-44a4-822d-46fe950d210f", "indicator--57b5ae07-7374-427f-b571-45a4950d210f", "indicator--57b5ae08-4a58-4a43-b305-4405950d210f", "indicator--57b5ae25-5f38-4b1c-8a8a-4a04950d210f", "indicator--57b5ae26-ef78-44a0-b564-4009950d210f", "indicator--57b5ae26-b860-406c-8190-4015950d210f", "indicator--57b5ae26-5c90-4569-8843-4b58950d210f", "indicator--57b5ae26-00ac-4768-82ad-46d9950d210f", "observed-data--57b5ae6d-c600-4ecd-a842-4fab950d210f", "email-message--57b5ae6d-c600-4ecd-a842-4fab950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf6-4820-48ff-9a19-4dca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:42.000Z", "modified": "2016-08-18T12:45:42.000Z", "description": "download location", "pattern": "[url:value = 'http://cs-czosnusie.cba.pl/jkYTFhb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf6-3130-480c-ab96-4904950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:42.000Z", "modified": "2016-08-18T12:45:42.000Z", "description": "download location", "pattern": "[domain-name:value = 'cs-czosnusie.cba.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf6-9bb4-4a7c-b821-4aab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:42.000Z", "modified": "2016-08-18T12:45:42.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.144.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf6-6228-4762-a72c-47d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:42.000Z", "modified": "2016-08-18T12:45:42.000Z", "description": "download location", "pattern": "[url:value = 'http://entree22.homepage.t-online.de/jkYTFhb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf6-33a8-495d-b3bf-41cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:42.000Z", "modified": "2016-08-18T12:45:42.000Z", "description": "download location", "pattern": "[domain-name:value = 'entree22.homepage.t-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf7-14f0-4ef2-adb7-4f11950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:43.000Z", "modified": "2016-08-18T12:45:43.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf7-1d70-4f73-b6f9-4804950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:43.000Z", "modified": "2016-08-18T12:45:43.000Z", "description": "download location", "pattern": "[url:value = 'http://www.ceccatobassano.it/jkYTFhb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf7-ecd0-4781-8d14-4a81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:43.000Z", "modified": "2016-08-18T12:45:43.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.ceccatobassano.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5adf7-a434-49bc-9955-4415950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:43.000Z", "modified": "2016-08-18T12:45:43.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae06-c614-484f-b6bb-433d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:58.000Z", "modified": "2016-08-18T12:45:58.000Z", "description": "download location", "pattern": "[url:value = 'http://www.unice.it/jkYTFhb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae06-9994-4cb9-b0f5-4530950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:58.000Z", "modified": "2016-08-18T12:45:58.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.unice.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae06-6060-4943-86d4-4aab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:58.000Z", "modified": "2016-08-18T12:45:58.000Z", "description": "download location", "pattern": "[url:value = 'http://detlevs-homepage.de/jkYTFhb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae07-01f0-4a8f-ad1e-477f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:59.000Z", "modified": "2016-08-18T12:45:59.000Z", "description": "download location", "pattern": "[domain-name:value = 'detlevs-homepage.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae07-5a84-4e0f-8273-4bef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:59.000Z", "modified": "2016-08-18T12:45:59.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.156']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae07-3438-44a4-822d-46fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:59.000Z", "modified": "2016-08-18T12:45:59.000Z", "description": "download location", "pattern": "[url:value = 'http://www.beneli.be/jkYTFhb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae07-7374-427f-b571-45a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:45:59.000Z", "modified": "2016-08-18T12:45:59.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.beneli.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:45:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae08-4a58-4a43-b305-4405950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:46:00.000Z", "modified": "2016-08-18T12:46:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.130.132.84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:46:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae25-5f38-4b1c-8a8a-4a04950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:46:29.000Z", "modified": "2016-08-18T12:46:29.000Z", "description": "download location", "pattern": "[url:value = 'http://www.alexpalmieri.com/jkYTFhb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:46:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae26-ef78-44a0-b564-4009950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:46:30.000Z", "modified": "2016-08-18T12:46:30.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.alexpalmieri.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:46:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae26-b860-406c-8190-4015950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:46:30.000Z", "modified": "2016-08-18T12:46:30.000Z", "description": "download location", "pattern": "[url:value = 'http://a-plusrijopleiding.nl/jkYTFhb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:46:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae26-5c90-4569-8843-4b58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:46:30.000Z", "modified": "2016-08-18T12:46:30.000Z", "description": "download location", "pattern": "[domain-name:value = 'a-plusrijopleiding.nl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:46:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57b5ae26-00ac-4768-82ad-46d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:46:30.000Z", "modified": "2016-08-18T12:46:30.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.129.139.129']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-18T12:46:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57b5ae6d-c600-4ecd-a842-4fab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-18T12:47:41.000Z", "modified": "2016-08-18T12:47:41.000Z", "first_observed": "2016-08-18T12:47:41Z", "last_observed": "2016-08-18T12:47:41Z", "number_observed": 1, "object_refs": [ "email-message--57b5ae6d-c600-4ecd-a842-4fab950d210f" ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--57b5ae6d-c600-4ecd-a842-4fab950d210f", "is_multipart": false, "subject": "Emailing: Labe" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }