{ "type": "bundle", "id": "bundle--57c6ac4c-c60c-4f79-a38f-b666950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:51.000Z", "modified": "2016-08-31T10:10:51.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57c6ac4c-c60c-4f79-a38f-b666950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:51.000Z", "modified": "2016-08-31T10:10:51.000Z", "name": "Malspam 2016-08-31 (.wsf in .zip) - campaign: \"Image|Picture|Photos|Photo|Document\"", "published": "2016-08-31T10:11:32Z", "object_refs": [ "indicator--57c6acfc-da4c-44de-9f5a-b667950d210f", "indicator--57c6acfd-09ec-4d5d-8716-b667950d210f", "indicator--57c6acfd-5198-494d-8159-b667950d210f", "indicator--57c6acfd-7a2c-4b14-a586-b667950d210f", "indicator--57c6acfd-c484-422b-a86d-b667950d210f", "indicator--57c6acfd-5910-4d48-9f0a-b667950d210f", "indicator--57c6acfe-2f68-49c7-b4b8-b667950d210f", "indicator--57c6acfe-f2f0-4ca5-a092-b667950d210f", "indicator--57c6acfe-0cec-42d8-9f68-b667950d210f", "indicator--57c6acfe-9af4-4d0a-bdba-b667950d210f", "indicator--57c6acfe-1e60-47eb-9410-b667950d210f", "indicator--57c6acff-06b8-46b9-b613-b667950d210f", "indicator--57c6acff-2370-45f8-a45b-b667950d210f", "indicator--57c6acff-4210-4f6b-b572-b667950d210f", "indicator--57c6acff-ba08-485e-b062-b667950d210f", "indicator--57c6acff-43b4-43f7-961b-b667950d210f", "indicator--57c6acff-1218-44a4-b7c9-b667950d210f", "indicator--57c6ad00-10ac-4cb9-b427-b667950d210f", "indicator--57c6ad00-ee98-4ef6-b61c-b667950d210f", "indicator--57c6ad00-42dc-46b7-b802-b667950d210f", "indicator--57c6ad00-c128-45ab-af25-b667950d210f", "indicator--57c6ad00-a2a8-43b6-a941-b667950d210f", "indicator--57c6ad01-4c60-40c3-bc12-b667950d210f", "indicator--57c6ad01-ab70-4333-a2b9-b667950d210f", "indicator--57c6ad01-9be4-4bea-b194-b667950d210f", "indicator--57c6ad01-4384-495e-8c51-b667950d210f", "indicator--57c6ad01-f1a8-4997-9234-b667950d210f", "indicator--57c6ad02-1244-4e95-9ff3-b667950d210f", "indicator--57c6ad02-9a1c-448a-9f3c-b667950d210f", "indicator--57c6ad02-5c30-4979-8643-b667950d210f", "indicator--57c6ad02-e7a8-4556-9496-b667950d210f", "indicator--57c6ad02-cefc-4e05-abb6-b667950d210f", "indicator--57c6ad02-2dc4-49ec-a938-b667950d210f", "indicator--57c6ad03-c744-4f83-a46c-b667950d210f", "indicator--57c6ad03-f4d0-4def-9328-b667950d210f", "indicator--57c6ad03-f80c-463d-8bd8-b667950d210f", "indicator--57c6ad03-b260-4570-be2a-b667950d210f", "indicator--57c6ad03-6538-457a-be18-b667950d210f", "indicator--57c6ad04-3594-434b-b18a-b667950d210f", "indicator--57c6ad04-d600-4d97-9c91-b667950d210f", "indicator--57c6ad04-a7d4-4b7f-a697-b667950d210f", "indicator--57c6ad04-391c-4faf-ab7a-b667950d210f", "indicator--57c6ad04-0204-4aa3-a08f-b667950d210f", "indicator--57c6ad05-3e14-4fdd-bb39-b667950d210f", "indicator--57c6ad05-190c-46b6-a42e-b667950d210f", "indicator--57c6ad05-26f0-4336-8ede-b667950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfc-da4c-44de-9f5a-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:04.000Z", "modified": "2016-08-31T10:10:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'gastrohurt.neostrada.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfd-09ec-4d5d-8716-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:05.000Z", "modified": "2016-08-31T10:10:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.97.216.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfd-5198-494d-8159-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:05.000Z", "modified": "2016-08-31T10:10:05.000Z", "description": "download location", "pattern": "[domain-name:value = 'alians-ekb.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfd-7a2c-4b14-a586-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:05.000Z", "modified": "2016-08-31T10:10:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.12.197.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfd-c484-422b-a86d-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:05.000Z", "modified": "2016-08-31T10:10:05.000Z", "description": "download location", "pattern": "[domain-name:value = 'og-kaiserslautern-kft.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfd-5910-4d48-9f0a-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:05.000Z", "modified": "2016-08-31T10:10:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.237.140.28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfe-2f68-49c7-b4b8-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:06.000Z", "modified": "2016-08-31T10:10:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'nihilismus.web.fc2.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfe-f2f0-4ca5-a092-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:06.000Z", "modified": "2016-08-31T10:10:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.71.106.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfe-0cec-42d8-9f68-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:06.000Z", "modified": "2016-08-31T10:10:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'chwiladlaciebie.cba.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfe-9af4-4d0a-bdba-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:06.000Z", "modified": "2016-08-31T10:10:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.144.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acfe-1e60-47eb-9410-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:06.000Z", "modified": "2016-08-31T10:10:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.peritiassicurativi.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acff-06b8-46b9-b613-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:07.000Z", "modified": "2016-08-31T10:10:07.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acff-2370-45f8-a45b-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:07.000Z", "modified": "2016-08-31T10:10:07.000Z", "description": "download location", "pattern": "[url:value = 'http://rmpst.republika.pl/987nkjh8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acff-4210-4f6b-b572-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:07.000Z", "modified": "2016-08-31T10:10:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'rmpst.republika.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acff-ba08-485e-b062-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:07.000Z", "modified": "2016-08-31T10:10:07.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.180.150.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acff-43b4-43f7-961b-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:07.000Z", "modified": "2016-08-31T10:10:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'arcziuuucity.y0.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6acff-1218-44a4-b7c9-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:07.000Z", "modified": "2016-08-31T10:10:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.dapaluda.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad00-10ac-4cb9-b427-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:08.000Z", "modified": "2016-08-31T10:10:08.000Z", "description": "download location", "pattern": "[url:value = 'http://www.lindenkapelle.de/987nkjh8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad00-ee98-4ef6-b61c-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:08.000Z", "modified": "2016-08-31T10:10:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.lindenkapelle.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad00-42dc-46b7-b802-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:08.000Z", "modified": "2016-08-31T10:10:08.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.224']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad00-c128-45ab-af25-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:08.000Z", "modified": "2016-08-31T10:10:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.artx.strefa.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad00-a2a8-43b6-a941-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:08.000Z", "modified": "2016-08-31T10:10:08.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.74.66.167']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad01-4c60-40c3-bc12-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:09.000Z", "modified": "2016-08-31T10:10:09.000Z", "description": "download location", "pattern": "[url:value = 'http://www.hiederer.de/987nkjh8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad01-ab70-4333-a2b9-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:09.000Z", "modified": "2016-08-31T10:10:09.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.hiederer.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad01-9be4-4bea-b194-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:09.000Z", "modified": "2016-08-31T10:10:09.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad01-4384-495e-8c51-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:09.000Z", "modified": "2016-08-31T10:10:09.000Z", "description": "download location", "pattern": "[domain-name:value = 'wolffram.homepage.t-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad01-f1a8-4997-9234-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:09.000Z", "modified": "2016-08-31T10:10:09.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad02-1244-4e95-9ff3-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:10.000Z", "modified": "2016-08-31T10:10:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.shanty-chor-neuengoers.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad02-9a1c-448a-9f3c-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:10.000Z", "modified": "2016-08-31T10:10:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'onlineportal-2012.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad02-5c30-4979-8643-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:10.000Z", "modified": "2016-08-31T10:10:10.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.254.51.20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad02-e7a8-4556-9496-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:10.000Z", "modified": "2016-08-31T10:10:10.000Z", "description": "download location", "pattern": "[url:value = 'http://stanflorin10.go.ro/987nkjh8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad02-cefc-4e05-abb6-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:10.000Z", "modified": "2016-08-31T10:10:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'stanflorin10.go.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad02-2dc4-49ec-a938-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:10.000Z", "modified": "2016-08-31T10:10:10.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.196.20.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad03-c744-4f83-a46c-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:11.000Z", "modified": "2016-08-31T10:10:11.000Z", "description": "download location", "pattern": "[url:value = 'http://www.welt-weit.info/987nkjh8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad03-f4d0-4def-9328-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:11.000Z", "modified": "2016-08-31T10:10:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.welt-weit.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad03-f80c-463d-8bd8-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:11.000Z", "modified": "2016-08-31T10:10:11.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.226']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad03-b260-4570-be2a-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:11.000Z", "modified": "2016-08-31T10:10:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.facturi.go.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad03-6538-457a-be18-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:11.000Z", "modified": "2016-08-31T10:10:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'muellerfalk.homepage.t-online.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad04-3594-434b-b18a-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:12.000Z", "modified": "2016-08-31T10:10:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.vilastefania.go.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad04-d600-4d97-9c91-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:12.000Z", "modified": "2016-08-31T10:10:12.000Z", "description": "download location", "pattern": "[url:value = 'http://www.auret.at/987nkjh8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad04-a7d4-4b7f-a697-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:12.000Z", "modified": "2016-08-31T10:10:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.auret.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad04-391c-4faf-ab7a-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:12.000Z", "modified": "2016-08-31T10:10:12.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.116.84.99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad04-0204-4aa3-a08f-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:12.000Z", "modified": "2016-08-31T10:10:12.000Z", "description": "download location", "pattern": "[url:value = 'http://www.roboticapc.com/987nkjh8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad05-3e14-4fdd-bb39-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:13.000Z", "modified": "2016-08-31T10:10:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.roboticapc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad05-190c-46b6-a42e-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:13.000Z", "modified": "2016-08-31T10:10:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'lacomete52.perso.sfr.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6ad05-26f0-4336-8ede-b667950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T10:10:13.000Z", "modified": "2016-08-31T10:10:13.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.65.123.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T10:10:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }