{ "type": "bundle", "id": "bundle--57c6aa95-f274-4fcf-8007-b664950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:02:35.000Z", "modified": "2016-08-31T10:02:35.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57c6aa95-f274-4fcf-8007-b664950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:02:35.000Z", "modified": "2016-08-31T10:02:35.000Z", "name": "Malspam 2016-08-31 (.hta in .zip) - campaign: \"FW: [Scan]\"", "published": "2016-08-31T10:02:50Z", "object_refs": [ "indicator--57c6aad4-5450-47d3-8f06-c130950d210f", "indicator--57c6aad4-3d9c-47dd-ac28-c130950d210f", "indicator--57c6aad5-f8f0-4e30-8982-c130950d210f", "indicator--57c6aad5-0e1c-48c7-80b1-c130950d210f", "indicator--57c6aad5-2fcc-4906-bdd5-c130950d210f", "indicator--57c6aad6-df94-4674-8e60-c130950d210f", "indicator--57c6aad6-d19c-4e66-a56d-c130950d210f", "indicator--57c6aad6-1780-4930-a563-c130950d210f", "indicator--57c6aad6-4430-4c43-9f49-c130950d210f", "indicator--57c6aad7-1e00-4312-83a0-c130950d210f", "indicator--57c6aad7-d410-4f8b-aabb-c130950d210f", "indicator--57c6aad8-cd8c-4f71-aac0-c130950d210f", "indicator--57c6aad8-2e74-4554-a2d0-c130950d210f", "indicator--57c6aad8-61b0-4514-bae3-c130950d210f", "indicator--57c6aad9-04bc-44a6-9718-c130950d210f", "indicator--57c6aad9-333c-4e79-ab29-c130950d210f", "indicator--57c6aad9-7510-4935-aff7-c130950d210f", "indicator--57c6aad9-63d8-4618-ada4-c130950d210f", "indicator--57c6aad9-eccc-4076-92d2-c130950d210f", "indicator--57c6aada-a604-4119-8e8f-c130950d210f", "indicator--57c6aada-1a18-4a32-b982-c130950d210f", "indicator--57c6aadb-3c98-446c-a634-c130950d210f", "indicator--57c6aadb-2608-450d-aeb5-c130950d210f", "indicator--57c6aadb-0f54-44f3-a4cf-c130950d210f", "indicator--57c6aadc-779c-46b3-aaaf-c130950d210f", "indicator--57c6aadc-3470-46eb-9015-c130950d210f", "indicator--57c6aadc-c1c0-42a0-984f-c130950d210f", "indicator--57c6aadc-7b34-4de8-b1f5-c130950d210f", "indicator--57c6aadc-062c-4f78-b04a-c130950d210f", "indicator--57c6aadd-78a4-43a6-a671-c130950d210f", "indicator--57c6aadd-3c80-414b-be32-c130950d210f", "indicator--57c6aade-4524-4deb-9c0f-c130950d210f", "indicator--57c6aade-6aa8-4e89-8ea6-c130950d210f", "indicator--57c6aade-6d0c-4fb8-9cde-c130950d210f", "indicator--57c6aade-0e50-40c9-85a9-c130950d210f", "indicator--57c6aadf-c1a8-442f-ad70-c130950d210f", "indicator--57c6aadf-ed5c-44e8-b1c5-c130950d210f", "indicator--57c6aadf-20b0-4830-95ff-c130950d210f", "indicator--57c6aae0-242c-4034-b4dd-c130950d210f", "indicator--57c6aae0-f35c-4f3b-843d-c130950d210f", "indicator--57c6aae0-7d28-4f82-bdc6-c130950d210f", "indicator--57c6aae1-7aa8-4142-baab-c130950d210f", "indicator--57c6aae1-46c4-4f18-ba52-c130950d210f", "indicator--57c6aae1-9418-4872-abc0-c130950d210f", "indicator--57c6aae2-7f4c-4809-b830-c130950d210f", "indicator--57c6aae2-18b4-46df-a97d-c130950d210f", "indicator--57c6aae2-6fa4-4132-b9ee-c130950d210f", "indicator--57c6aae3-63e0-4dbb-a7d8-c130950d210f", "indicator--57c6aae3-126c-4234-8786-c130950d210f", "indicator--57c6aae3-0e00-4c81-bfdd-c130950d210f", "indicator--57c6aae3-722c-400e-95af-c130950d210f", "indicator--57c6aae4-c6e4-4964-a194-c130950d210f", "indicator--57c6aae4-2eac-4b5d-b488-c130950d210f", "indicator--57c6aae4-53f8-4d10-85a5-c130950d210f", "indicator--57c6aae5-889c-4652-ae90-c130950d210f", "indicator--57c6aae5-a058-4c15-bcb8-c130950d210f", "indicator--57c6aae5-810c-445b-beff-c130950d210f", "indicator--57c6aae6-afb4-4bb2-aace-c130950d210f", "indicator--57c6aae6-9b80-4cdb-bf9d-c130950d210f", "indicator--57c6aae6-6104-45ef-80a5-c130950d210f", "indicator--57c6aae6-c478-4420-91f2-c130950d210f", "indicator--57c6aae6-926c-4d07-b267-c130950d210f", "indicator--57c6aae7-fc2c-491e-8759-c130950d210f", "indicator--57c6aae7-1fb0-48a6-b0de-c130950d210f", "indicator--57c6aae8-fbd8-4369-ad51-c130950d210f", "indicator--57c6aae8-8c88-4b4c-b4cf-c130950d210f", "indicator--57c6aae8-15ec-48a7-b5b1-c130950d210f", "indicator--57c6aae9-6c50-4992-8f42-c130950d210f", "indicator--57c6aae9-40f0-4158-b578-c130950d210f", "indicator--57c6aae9-b7a8-4602-9d9c-c130950d210f", "indicator--57c6aae9-482c-4715-9852-c130950d210f", "indicator--57c6aae9-31b0-436d-98a6-c130950d210f", "indicator--57c6aae9-6f6c-4472-b2a3-c130950d210f", "indicator--57c6aaea-4174-4422-9790-c130950d210f", "indicator--57c6aaea-87e4-45da-a364-c130950d210f", "indicator--57c6aaea-2b7c-4fc5-9fe0-c130950d210f", "indicator--57c6aaea-c664-47de-ae77-c130950d210f", "indicator--57c6aaea-4884-42d6-9c9b-c130950d210f", "indicator--57c6aaeb-eb18-466e-ba85-c130950d210f", "indicator--57c6aaeb-48bc-49a0-8985-c130950d210f", "indicator--57c6aaeb-cdf8-4cb4-80c7-c130950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad4-5450-47d3-8f06-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:52.000Z", "modified": "2016-08-31T10:00:52.000Z", "description": "download location", "pattern": "[url:value = 'http://www.download.extraslot.ru/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad4-3d9c-47dd-ac28-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:52.000Z", "modified": "2016-08-31T10:00:52.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.download.extraslot.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad5-f8f0-4e30-8982-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:53.000Z", "modified": "2016-08-31T10:00:53.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.173.139.197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad5-0e1c-48c7-80b1-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:53.000Z", "modified": "2016-08-31T10:00:53.000Z", "description": "download location", "pattern": "[url:value = 'http://w07q93g5g.homepage.t-online.de/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad5-2fcc-4906-bdd5-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:53.000Z", "modified": "2016-08-31T10:00:53.000Z", "description": "download location", "pattern": "[domain-name:value = 'w07q93g5g.homepage.t-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad6-df94-4674-8e60-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:54.000Z", "modified": "2016-08-31T10:00:54.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad6-d19c-4e66-a56d-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:54.000Z", "modified": "2016-08-31T10:00:54.000Z", "description": "download location", "pattern": "[url:value = 'http://www.hager.50webs.org/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad6-1780-4930-a563-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:54.000Z", "modified": "2016-08-31T10:00:54.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.hager.50webs.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad6-4430-4c43-9f49-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:54.000Z", "modified": "2016-08-31T10:00:54.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.151.153.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad7-1e00-4312-83a0-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:55.000Z", "modified": "2016-08-31T10:00:55.000Z", "description": "download location", "pattern": "[url:value = 'http://powermax.ru/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad7-d410-4f8b-aabb-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:55.000Z", "modified": "2016-08-31T10:00:55.000Z", "description": "download location", "pattern": "[domain-name:value = 'powermax.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad8-cd8c-4f71-aac0-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:56.000Z", "modified": "2016-08-31T10:00:56.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.189.197.56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad8-2e74-4554-a2d0-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:56.000Z", "modified": "2016-08-31T10:00:56.000Z", "description": "download location", "pattern": "[url:value = 'http://www.helpinict.co.uk/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad8-61b0-4514-bae3-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:56.000Z", "modified": "2016-08-31T10:00:56.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.helpinict.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad9-04bc-44a6-9718-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:57.000Z", "modified": "2016-08-31T10:00:57.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.159.9.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad9-333c-4e79-ab29-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:57.000Z", "modified": "2016-08-31T10:00:57.000Z", "description": "download location", "pattern": "[url:value = 'http://pcps.web.fc2.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad9-7510-4935-aff7-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:57.000Z", "modified": "2016-08-31T10:00:57.000Z", "description": "download location", "pattern": "[domain-name:value = 'pcps.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad9-63d8-4618-ada4-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:57.000Z", "modified": "2016-08-31T10:00:57.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aad9-eccc-4076-92d2-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:57.000Z", "modified": "2016-08-31T10:00:57.000Z", "description": "download location", "pattern": "[url:value = 'http://www.redanchemical.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aada-a604-4119-8e8f-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:58.000Z", "modified": "2016-08-31T10:00:58.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.redanchemical.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aada-1a18-4a32-b982-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:58.000Z", "modified": "2016-08-31T10:00:58.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadb-3c98-446c-a634-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:59.000Z", "modified": "2016-08-31T10:00:59.000Z", "description": "download location", "pattern": "[url:value = 'http://jack0v0.web.fc2.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadb-2608-450d-aeb5-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:59.000Z", "modified": "2016-08-31T10:00:59.000Z", "description": "download location", "pattern": "[domain-name:value = 'jack0v0.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadb-0f54-44f3-a4cf-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:00:59.000Z", "modified": "2016-08-31T10:00:59.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:00:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadc-779c-46b3-aaaf-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:00.000Z", "modified": "2016-08-31T10:01:00.000Z", "description": "download location", "pattern": "[url:value = 'http://a-tconsulting.co.uk/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadc-3470-46eb-9015-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:00.000Z", "modified": "2016-08-31T10:01:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'a-tconsulting.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadc-c1c0-42a0-984f-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:00.000Z", "modified": "2016-08-31T10:01:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.159.8.91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadc-7b34-4de8-b1f5-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:00.000Z", "modified": "2016-08-31T10:01:00.000Z", "description": "download location", "pattern": "[url:value = 'http://www.commentaborderunefille.fr/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadc-062c-4f78-b04a-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:00.000Z", "modified": "2016-08-31T10:01:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.commentaborderunefille.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadd-78a4-43a6-a671-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:01.000Z", "modified": "2016-08-31T10:01:01.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadd-3c80-414b-be32-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:01.000Z", "modified": "2016-08-31T10:01:01.000Z", "description": "download location", "pattern": "[url:value = 'http://khaimekong.50webs.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aade-4524-4deb-9c0f-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:02.000Z", "modified": "2016-08-31T10:01:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'khaimekong.50webs.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aade-6aa8-4e89-8ea6-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:02.000Z", "modified": "2016-08-31T10:01:02.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.210.101.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aade-6d0c-4fb8-9cde-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:02.000Z", "modified": "2016-08-31T10:01:02.000Z", "description": "download location", "pattern": "[url:value = 'http://www.luigigiordano.org/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aade-0e50-40c9-85a9-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:02.000Z", "modified": "2016-08-31T10:01:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.luigigiordano.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadf-c1a8-442f-ad70-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:03.000Z", "modified": "2016-08-31T10:01:03.000Z", "description": "download location", "pattern": "[url:value = 'http://www.ionut.coman.home.ro/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadf-ed5c-44e8-b1c5-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:03.000Z", "modified": "2016-08-31T10:01:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.ionut.coman.home.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aadf-20b0-4830-95ff-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:03.000Z", "modified": "2016-08-31T10:01:03.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.196.20.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae0-242c-4034-b4dd-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:04.000Z", "modified": "2016-08-31T10:01:04.000Z", "description": "download location", "pattern": "[url:value = 'http://www.personalshoppingservice.it/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae0-f35c-4f3b-843d-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:04.000Z", "modified": "2016-08-31T10:01:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.personalshoppingservice.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae0-7d28-4f82-bdc6-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:04.000Z", "modified": "2016-08-31T10:01:04.000Z", "description": "download location", "pattern": "[url:value = 'http://nkbzryw.republika.pl/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae1-7aa8-4142-baab-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:05.000Z", "modified": "2016-08-31T10:01:05.000Z", "description": "download location", "pattern": "[domain-name:value = 'nkbzryw.republika.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae1-46c4-4f18-ba52-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:05.000Z", "modified": "2016-08-31T10:01:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.180.150.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae1-9418-4872-abc0-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:05.000Z", "modified": "2016-08-31T10:01:05.000Z", "description": "download location", "pattern": "[url:value = 'http://www.hotelancorariviera.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae2-7f4c-4809-b830-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:06.000Z", "modified": "2016-08-31T10:01:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.hotelancorariviera.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae2-18b4-46df-a97d-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:06.000Z", "modified": "2016-08-31T10:01:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.158.72.90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae2-6fa4-4132-b9ee-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:06.000Z", "modified": "2016-08-31T10:01:06.000Z", "description": "download location", "pattern": "[url:value = 'http://www.francescafraioli.it/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae3-63e0-4dbb-a7d8-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:07.000Z", "modified": "2016-08-31T10:01:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.francescafraioli.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae3-126c-4234-8786-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:07.000Z", "modified": "2016-08-31T10:01:07.000Z", "description": "download location", "pattern": "[url:value = 'http://user22393.vs.easily.co.uk/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae3-0e00-4c81-bfdd-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:07.000Z", "modified": "2016-08-31T10:01:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'user22393.vs.easily.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae3-722c-400e-95af-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:07.000Z", "modified": "2016-08-31T10:01:07.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.194.151.38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae4-c6e4-4964-a194-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:08.000Z", "modified": "2016-08-31T10:01:08.000Z", "description": "download location", "pattern": "[url:value = 'http://www.francogatta.it/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae4-2eac-4b5d-b488-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:08.000Z", "modified": "2016-08-31T10:01:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.francogatta.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae4-53f8-4d10-85a5-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:08.000Z", "modified": "2016-08-31T10:01:08.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.78.215.76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae5-889c-4652-ae90-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:09.000Z", "modified": "2016-08-31T10:01:09.000Z", "description": "download location", "pattern": "[url:value = 'http://dreamworksoffice.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae5-a058-4c15-bcb8-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:09.000Z", "modified": "2016-08-31T10:01:09.000Z", "description": "download location", "pattern": "[domain-name:value = 'dreamworksoffice.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae5-810c-445b-beff-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:09.000Z", "modified": "2016-08-31T10:01:09.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.242.226.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae6-afb4-4bb2-aace-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:10.000Z", "modified": "2016-08-31T10:01:10.000Z", "description": "download location", "pattern": "[url:value = 'http://sarushima.web.fc2.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae6-9b80-4cdb-bf9d-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:10.000Z", "modified": "2016-08-31T10:01:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'sarushima.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae6-6104-45ef-80a5-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:10.000Z", "modified": "2016-08-31T10:01:10.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae6-c478-4420-91f2-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:10.000Z", "modified": "2016-08-31T10:01:10.000Z", "description": "download location", "pattern": "[url:value = 'http://sonaeyou1.web.fc2.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae6-926c-4d07-b267-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:10.000Z", "modified": "2016-08-31T10:01:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'sonaeyou1.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae7-fc2c-491e-8759-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:11.000Z", "modified": "2016-08-31T10:01:11.000Z", "description": "download location", "pattern": "[url:value = 'http://www.kreso.it/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae7-1fb0-48a6-b0de-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:11.000Z", "modified": "2016-08-31T10:01:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.kreso.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae8-fbd8-4369-ad51-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:12.000Z", "modified": "2016-08-31T10:01:12.000Z", "description": "download location", "pattern": "[url:value = 'http://twojamuza.y0.pl/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae8-8c88-4b4c-b4cf-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:12.000Z", "modified": "2016-08-31T10:01:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'twojamuza.y0.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae8-15ec-48a7-b5b1-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:12.000Z", "modified": "2016-08-31T10:01:12.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.96.160']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae9-6c50-4992-8f42-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:13.000Z", "modified": "2016-08-31T10:01:13.000Z", "description": "download location", "pattern": "[url:value = 'http://www.ieslamerced.es/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae9-40f0-4158-b578-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:13.000Z", "modified": "2016-08-31T10:01:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.ieslamerced.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae9-b7a8-4602-9d9c-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:13.000Z", "modified": "2016-08-31T10:01:13.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.42.230.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae9-482c-4715-9852-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:13.000Z", "modified": "2016-08-31T10:01:13.000Z", "description": "download location", "pattern": "[url:value = 'http://finishcar.de/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae9-31b0-436d-98a6-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:13.000Z", "modified": "2016-08-31T10:01:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'finishcar.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aae9-6f6c-4472-b2a3-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:13.000Z", "modified": "2016-08-31T10:01:13.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.31.143.112']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aaea-4174-4422-9790-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:14.000Z", "modified": "2016-08-31T10:01:14.000Z", "description": "download location", "pattern": "[url:value = 'http://www.kukon.go.ro/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aaea-87e4-45da-a364-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:14.000Z", "modified": "2016-08-31T10:01:14.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.kukon.go.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aaea-2b7c-4fc5-9fe0-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:14.000Z", "modified": "2016-08-31T10:01:14.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.196.20.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aaea-c664-47de-ae77-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:14.000Z", "modified": "2016-08-31T10:01:14.000Z", "description": "download location", "pattern": "[url:value = 'http://simo62.web.fc2.com/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aaea-4884-42d6-9c9b-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:14.000Z", "modified": "2016-08-31T10:01:14.000Z", "description": "download location", "pattern": "[domain-name:value = 'simo62.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aaeb-eb18-466e-ba85-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:15.000Z", "modified": "2016-08-31T10:01:15.000Z", "description": "download location", "pattern": "[url:value = 'http://joeybecker.gmxhome.de/HJghjt872']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aaeb-48bc-49a0-8985-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:15.000Z", "modified": "2016-08-31T10:01:15.000Z", "description": "download location", "pattern": "[domain-name:value = 'joeybecker.gmxhome.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6aaeb-cdf8-4cb4-80c7-c130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:01:15.000Z", "modified": "2016-08-31T10:01:15.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.165.58.83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:01:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }