{ "type": "bundle", "id": "bundle--57c6cb1f-5d40-49cc-a24a-4cb2950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:17.000Z", "modified": "2016-08-31T12:28:17.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57c6cb1f-5d40-49cc-a24a-4cb2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:17.000Z", "modified": "2016-08-31T12:28:17.000Z", "name": "Malspam 2016-08-31 (.js in .zip) - campaign: \"bank transactions\"", "published": "2016-08-31T12:29:04Z", "object_refs": [ "indicator--57c6cd50-2f20-45c7-bc1f-4e2c950d210f", "indicator--57c6cd50-9d80-4e44-a94a-4690950d210f", "indicator--57c6cd50-b564-405b-aa1e-47f0950d210f", "indicator--57c6cd50-6b2c-4cc7-b87b-4a0e950d210f", "indicator--57c6cd50-9074-4fb4-ab12-4de4950d210f", "indicator--57c6cd51-32e8-4d83-b687-4204950d210f", "indicator--57c6cd51-b6f8-4ce4-89ed-439e950d210f", "indicator--57c6cd51-46b8-4260-a602-4f90950d210f", "indicator--57c6cd51-ffa8-41d7-bd86-4a64950d210f", "indicator--57c6cd51-c2e4-4748-a13f-4356950d210f", "indicator--57c6cd51-6a38-44c9-894b-4974950d210f", "indicator--57c6cd52-5c80-4cde-872c-492e950d210f", "indicator--57c6cd52-6754-4649-9258-489d950d210f", "indicator--57c6cd52-fb34-432e-a8b4-4751950d210f", "indicator--57c6cd52-ce58-48de-b1b5-4c0a950d210f", "indicator--57c6cd52-0554-48a9-b783-48f6950d210f", "indicator--57c6cd53-db78-4fb7-a556-44f9950d210f", "indicator--57c6cd53-409c-4ab0-88a5-4a6a950d210f", "indicator--57c6cd53-2e20-42e2-9fad-49a3950d210f", "indicator--57c6cd53-c564-472c-837e-475a950d210f", "indicator--57c6cd53-93ec-436f-bc39-4d82950d210f", "indicator--57c6cd53-f344-42a5-99fc-4b02950d210f", "indicator--57c6cd54-0e08-4354-b08d-400a950d210f", "indicator--57c6cd54-1d8c-483b-8a01-4a5a950d210f", "indicator--57c6cd54-78c8-4bf0-9fc4-44ed950d210f", "indicator--57c6cd54-1778-4816-bbdb-4c68950d210f", "indicator--57c6cd54-fad0-4deb-9193-4f95950d210f", "indicator--57c6cd55-0234-48da-8217-4817950d210f", "indicator--57c6cd55-a08c-4c86-9974-49a1950d210f", "indicator--57c6cd55-c494-46ab-acf4-4a74950d210f", "indicator--57c6cd55-8a28-4d19-88f5-4b65950d210f", "indicator--57c6cd55-c184-4e0d-976a-471f950d210f", "indicator--57c6cd55-ccc4-4e8a-a977-4025950d210f", "indicator--57c6cd56-9040-46be-82d2-42e8950d210f", "indicator--57c6cd56-d044-46fc-9d5c-45c5950d210f", "indicator--57c6cd56-1318-4440-b2b7-4876950d210f", "indicator--57c6cd56-8e7c-4041-8276-4fcd950d210f", "indicator--57c6cd56-3c28-4bd3-9339-494c950d210f", "indicator--57c6cd56-16f8-4d7f-8cbd-429e950d210f", "indicator--57c6cd57-8290-4f2f-9d17-4249950d210f", "indicator--57c6cd57-e370-4635-a3e9-4a5a950d210f", "indicator--57c6cd57-f9d0-4798-9ca1-48a7950d210f", "indicator--57c6cd57-8518-4cf2-891c-4ce4950d210f", "indicator--57c6cd57-814c-4c69-99ab-4b3d950d210f", "indicator--57c6cd58-6d60-458f-848c-4753950d210f", "indicator--57c6cd58-98b4-47eb-a2c2-4210950d210f", "indicator--57c6cd58-bae8-4336-a272-4a99950d210f", "indicator--57c6cd58-e770-431d-8144-41c8950d210f", "indicator--57c6cd58-4c78-4700-9397-4f65950d210f", "indicator--57c6cd59-2e58-422c-83f2-423e950d210f", "indicator--57c6cd59-58a0-4a0b-a9ef-4007950d210f", "indicator--57c6cd59-91e8-48ed-8c0d-476e950d210f", "indicator--57c6cd59-01a0-47ae-92b1-47f4950d210f", "indicator--57c6cd59-2248-4c9f-b896-4f5c950d210f", "indicator--57c6cd59-a14c-4a25-ba23-46c2950d210f", "indicator--57c6cd5a-fdb4-428a-b5a9-4390950d210f", "indicator--57c6cd5a-8b64-45cc-94f9-4777950d210f", "indicator--57c6cd5a-071c-4302-b32b-4a0a950d210f", "indicator--57c6cd5a-fc28-4f77-b306-467a950d210f", "indicator--57c6cd5a-3ca4-4191-a37e-4356950d210f", "indicator--57c6cd5b-8bdc-44a7-a89f-4540950d210f", "indicator--57c6cd5b-f060-4588-9fa6-44fe950d210f", "indicator--57c6cd5b-5090-463a-a379-4cc7950d210f", "indicator--57c6cd5b-9410-4593-8a5a-4199950d210f", "indicator--57c6cd5b-7e28-4c27-abb8-4077950d210f", "indicator--57c6cd5b-3298-4a23-bf9b-44fa950d210f", "indicator--57c6cd5c-1310-4fe3-9825-4aed950d210f", "indicator--57c6cd5c-d784-4079-8beb-4ee7950d210f", "indicator--57c6cd5c-4b50-4d54-8446-4883950d210f", "indicator--57c6cd5c-7a58-4bdd-87c3-42f8950d210f", "indicator--57c6cd5c-3a4c-4bbc-8a19-414b950d210f", "indicator--57c6cd5d-84b8-4afe-85fc-4941950d210f", "indicator--57c6cd5d-c224-4e6a-9beb-4f5a950d210f", "indicator--57c6cd5d-d1ec-4585-8c6b-4d6f950d210f", "indicator--57c6cd5d-3380-479d-a13a-4d4c950d210f", "indicator--57c6cd5d-0b68-40a2-a384-4c0e950d210f", "indicator--57c6cd5e-1e8c-44c7-a9a9-4dd9950d210f", "indicator--57c6cd5e-f5f4-48a0-8fe6-46db950d210f", "indicator--57c6cd5e-dd44-4ada-84ec-4f0b950d210f", "indicator--57c6cd5e-8708-4d4a-a7ed-41d0950d210f", "indicator--57c6cd5e-3c20-4479-af56-4024950d210f", "indicator--57c6cd5e-88e4-4ef4-b9b8-41ae950d210f", "indicator--57c6cd5f-0390-48d6-82e1-431d950d210f", "indicator--57c6cd5f-f668-4a9b-bcea-4382950d210f", "indicator--57c6cd5f-90e8-4151-9897-4da8950d210f", "indicator--57c6cd5f-0c44-49b8-8494-416a950d210f", "indicator--57c6cd5f-c964-42b4-94aa-41ac950d210f", "indicator--57c6cd5f-0428-4052-ace9-4de0950d210f", "indicator--57c6cd60-f270-4100-a918-4b5b950d210f", "indicator--57c6cd60-52a0-4c58-b0d9-4318950d210f", "indicator--57c6cd60-e1d4-429c-bedb-4143950d210f", "indicator--57c6cd60-eb18-4629-9812-4890950d210f", "indicator--57c6cd60-c838-460d-8895-4272950d210f", "indicator--57c6cd61-0928-45c7-be70-4a3f950d210f", "indicator--57c6cd61-18a4-42f7-8b8a-42bb950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd50-2f20-45c7-bc1f-4e2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:00.000Z", "modified": "2016-08-31T12:28:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.totalfitness.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd50-9d80-4e44-a94a-4690950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:00.000Z", "modified": "2016-08-31T12:28:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd50-b564-405b-aa1e-47f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:00.000Z", "modified": "2016-08-31T12:28:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'steelfs.com.mx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd50-6b2c-4cc7-b87b-4a0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:00.000Z", "modified": "2016-08-31T12:28:00.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.210.232.52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd50-9074-4fb4-ab12-4de4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:00.000Z", "modified": "2016-08-31T12:28:00.000Z", "description": "download location", "pattern": "[domain-name:value = 'foodbiz-net.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd51-32e8-4d83-b687-4204950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:01.000Z", "modified": "2016-08-31T12:28:01.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.13.196.136']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd51-b6f8-4ce4-89ed-439e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:01.000Z", "modified": "2016-08-31T12:28:01.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.mediawareonline.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd51-46b8-4260-a602-4f90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:01.000Z", "modified": "2016-08-31T12:28:01.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.104.43.3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd51-ffa8-41d7-bd86-4a64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:01.000Z", "modified": "2016-08-31T12:28:01.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.sashraf.plus.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd51-c2e4-4748-a13f-4356950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:01.000Z", "modified": "2016-08-31T12:28:01.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.159.8.91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd51-6a38-44c9-894b-4974950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:01.000Z", "modified": "2016-08-31T12:28:01.000Z", "description": "download location", "pattern": "[url:value = 'http://www.instalacionesjosearteaga.com/s7yy5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd52-5c80-4cde-872c-492e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:02.000Z", "modified": "2016-08-31T12:28:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.instalacionesjosearteaga.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd52-6754-4649-9258-489d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:02.000Z", "modified": "2016-08-31T12:28:02.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.42.230.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd52-fb34-432e-a8b4-4751950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:02.000Z", "modified": "2016-08-31T12:28:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.jramirez.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd52-ce58-48de-b1b5-4c0a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:02.000Z", "modified": "2016-08-31T12:28:02.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.smoes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd52-0554-48a9-b783-48f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:02.000Z", "modified": "2016-08-31T12:28:02.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.173.164.20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd53-db78-4fb7-a556-44f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:03.000Z", "modified": "2016-08-31T12:28:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'pkgame.cba.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd53-409c-4ab0-88a5-4a6a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:03.000Z", "modified": "2016-08-31T12:28:03.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.144.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd53-2e20-42e2-9fad-49a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:03.000Z", "modified": "2016-08-31T12:28:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.mbeccarini.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd53-c564-472c-837e-475a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:03.000Z", "modified": "2016-08-31T12:28:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'newt150.tripod.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd53-93ec-436f-bc39-4d82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:03.000Z", "modified": "2016-08-31T12:28:03.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.209.246.67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd53-f344-42a5-99fc-4b02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:03.000Z", "modified": "2016-08-31T12:28:03.000Z", "description": "download location", "pattern": "[domain-name:value = 'amandinearmand.perso.sfr.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd54-0e08-4354-b08d-400a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:04.000Z", "modified": "2016-08-31T12:28:04.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.65.123.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd54-1d8c-483b-8a01-4a5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:04.000Z", "modified": "2016-08-31T12:28:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.osservatoriofigurale.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd54-78c8-4bf0-9fc4-44ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:04.000Z", "modified": "2016-08-31T12:28:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'enigmes4saisons.perso.sfr.fr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd54-1778-4816-bbdb-4c68950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:04.000Z", "modified": "2016-08-31T12:28:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.ecotek-canada.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd54-fad0-4deb-9193-4f95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:04.000Z", "modified": "2016-08-31T12:28:04.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.29.151.221']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd55-0234-48da-8217-4817950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:04.000Z", "modified": "2016-08-31T12:28:04.000Z", "description": "download location", "pattern": "[domain-name:value = 'gebetech.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd55-a08c-4c86-9974-49a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:05.000Z", "modified": "2016-08-31T12:28:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.63.216.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd55-c494-46ab-acf4-4a74950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:05.000Z", "modified": "2016-08-31T12:28:05.000Z", "description": "download location", "pattern": "[domain-name:value = 'dev12.gammat.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd55-8a28-4d19-88f5-4b65950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:05.000Z", "modified": "2016-08-31T12:28:05.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.201.41.217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd55-c184-4e0d-976a-471f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:05.000Z", "modified": "2016-08-31T12:28:05.000Z", "description": "download location", "pattern": "[url:value = 'http://www.robtozier.com/nfltbyrp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd55-ccc4-4e8a-a977-4025950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:05.000Z", "modified": "2016-08-31T12:28:05.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.robtozier.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd56-9040-46be-82d2-42e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:06.000Z", "modified": "2016-08-31T12:28:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.230.196.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd56-d044-46fc-9d5c-45c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:06.000Z", "modified": "2016-08-31T12:28:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.96.153.93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd56-1318-4440-b2b7-4876950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:06.000Z", "modified": "2016-08-31T12:28:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'two-capitals.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd56-8e7c-4041-8276-4fcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:06.000Z", "modified": "2016-08-31T12:28:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.208.0.121']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd56-3c28-4bd3-9339-494c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:06.000Z", "modified": "2016-08-31T12:28:06.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.visionaero.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd56-16f8-4d7f-8cbd-429e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:06.000Z", "modified": "2016-08-31T12:28:06.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.71.34.45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd57-8290-4f2f-9d17-4249950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:07.000Z", "modified": "2016-08-31T12:28:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'smc.psuti.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd57-e370-4635-a3e9-4a5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:07.000Z", "modified": "2016-08-31T12:28:07.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.25.37.27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd57-f9d0-4798-9ca1-48a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:07.000Z", "modified": "2016-08-31T12:28:07.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.vincenzofranchino.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd57-8518-4cf2-891c-4ce4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:07.000Z", "modified": "2016-08-31T12:28:07.000Z", "description": "download location", "pattern": "[url:value = 'http://01ad681.netsolhost.com/ym0zloe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd57-814c-4c69-99ab-4b3d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:07.000Z", "modified": "2016-08-31T12:28:07.000Z", "description": "download location", "pattern": "[domain-name:value = '01ad681.netsolhost.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd58-6d60-458f-848c-4753950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:08.000Z", "modified": "2016-08-31T12:28:08.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.188.192.236']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd58-98b4-47eb-a2c2-4210950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:08.000Z", "modified": "2016-08-31T12:28:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.opal.webserwer.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd58-bae8-4336-a272-4a99950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:08.000Z", "modified": "2016-08-31T12:28:08.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.32.162.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd58-e770-431d-8144-41c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:08.000Z", "modified": "2016-08-31T12:28:08.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.ferresur.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd58-4c78-4700-9397-4f65950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:08.000Z", "modified": "2016-08-31T12:28:08.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.34.140.236']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd59-2e58-422c-83f2-423e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:09.000Z", "modified": "2016-08-31T12:28:09.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.vissershuisje-bredene.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd59-58a0-4a0b-a9ef-4007950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:09.000Z", "modified": "2016-08-31T12:28:09.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.130.132.84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd59-91e8-48ed-8c0d-476e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:09.000Z", "modified": "2016-08-31T12:28:09.000Z", "description": "download location", "pattern": "[domain-name:value = 'twup.com.br']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd59-01a0-47ae-92b1-47f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:09.000Z", "modified": "2016-08-31T12:28:09.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.45.240.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd59-2248-4c9f-b896-4f5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:09.000Z", "modified": "2016-08-31T12:28:09.000Z", "description": "download location", "pattern": "[url:value = 'http://80.241.232.207/tpryd9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd59-a14c-4a25-ba23-46c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:09.000Z", "modified": "2016-08-31T12:28:09.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.241.232.207']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5a-fdb4-428a-b5a9-4390950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:10.000Z", "modified": "2016-08-31T12:28:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'impregui.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5a-8b64-45cc-94f9-4777950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:10.000Z", "modified": "2016-08-31T12:28:10.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '134.0.11.184']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5a-071c-4302-b32b-4a0a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:10.000Z", "modified": "2016-08-31T12:28:10.000Z", "description": "download location", "pattern": "[url:value = 'http://www.jenohorvath.be/xac2y8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5a-fc28-4f77-b306-467a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:10.000Z", "modified": "2016-08-31T12:28:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.jenohorvath.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5a-3ca4-4191-a37e-4356950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:10.000Z", "modified": "2016-08-31T12:28:10.000Z", "description": "download location", "pattern": "[domain-name:value = 'realm-of-rage.heimat.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5b-8bdc-44a7-a89f-4540950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:11.000Z", "modified": "2016-08-31T12:28:11.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.208.133.41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5b-f060-4588-9fa6-44fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:11.000Z", "modified": "2016-08-31T12:28:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'kallait.szm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5b-5090-463a-a379-4cc7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:11.000Z", "modified": "2016-08-31T12:28:11.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.248.42.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5b-9410-4593-8a5a-4199950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:11.000Z", "modified": "2016-08-31T12:28:11.000Z", "description": "download location", "pattern": "[url:value = 'http://www.galleriacolonna.org/euhyxd5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5b-7e28-4c27-abb8-4077950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:11.000Z", "modified": "2016-08-31T12:28:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.galleriacolonna.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5b-3298-4a23-bf9b-44fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:11.000Z", "modified": "2016-08-31T12:28:11.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.orad.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5c-1310-4fe3-9825-4aed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:12.000Z", "modified": "2016-08-31T12:28:12.000Z", "description": "download location", "pattern": "[url:value = 'http://robbeottoy.dommel.be/pb435ks']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5c-d784-4079-8beb-4ee7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:12.000Z", "modified": "2016-08-31T12:28:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'robbeottoy.dommel.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5c-4b50-4d54-8446-4883950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:12.000Z", "modified": "2016-08-31T12:28:12.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.109.184.81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5c-7a58-4bdd-87c3-42f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:12.000Z", "modified": "2016-08-31T12:28:12.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.europegreen.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5c-3a4c-4bbc-8a19-414b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:12.000Z", "modified": "2016-08-31T12:28:12.000Z", "description": "download location", "pattern": "[url:value = 'http://cybersocialization.ru/c1uxu7w9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5d-84b8-4afe-85fc-4941950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:13.000Z", "modified": "2016-08-31T12:28:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'cybersocialization.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5d-c224-4e6a-9beb-4f5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:13.000Z", "modified": "2016-08-31T12:28:13.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.139.111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5d-d1ec-4585-8c6b-4d6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:13.000Z", "modified": "2016-08-31T12:28:13.000Z", "description": "download location", "pattern": "[url:value = 'http://alci.dommel.be/tzydtpf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5d-3380-479d-a13a-4d4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:13.000Z", "modified": "2016-08-31T12:28:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'alci.dommel.be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5d-0b68-40a2-a384-4c0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:13.000Z", "modified": "2016-08-31T12:28:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.fulvio77.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5e-1e8c-44c7-a9a9-4dd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:13.000Z", "modified": "2016-08-31T12:28:13.000Z", "description": "download location", "pattern": "[domain-name:value = 'akristall.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5e-f5f4-48a0-8fe6-46db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:14.000Z", "modified": "2016-08-31T12:28:14.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.208.1.136']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5e-dd44-4ada-84ec-4f0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:14.000Z", "modified": "2016-08-31T12:28:14.000Z", "description": "download location", "pattern": "[domain-name:value = 'abufarha.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5e-8708-4d4a-a7ed-41d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:14.000Z", "modified": "2016-08-31T12:28:14.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.147.240.193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5e-3c20-4479-af56-4024950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:14.000Z", "modified": "2016-08-31T12:28:14.000Z", "description": "download location", "pattern": "[domain-name:value = 'izeinstruments.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5e-88e4-4ef4-b9b8-41ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:14.000Z", "modified": "2016-08-31T12:28:14.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.251.43.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5f-0390-48d6-82e1-431d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:15.000Z", "modified": "2016-08-31T12:28:15.000Z", "description": "download location", "pattern": "[url:value = 'http://my.st21.ru/ecm04dx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5f-f668-4a9b-bcea-4382950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:15.000Z", "modified": "2016-08-31T12:28:15.000Z", "description": "download location", "pattern": "[domain-name:value = 'my.st21.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5f-90e8-4151-9897-4da8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:15.000Z", "modified": "2016-08-31T12:28:15.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.107.219.83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5f-0c44-49b8-8494-416a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:15.000Z", "modified": "2016-08-31T12:28:15.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.nadelaur.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5f-c964-42b4-94aa-41ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:15.000Z", "modified": "2016-08-31T12:28:15.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.26.129.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd5f-0428-4052-ace9-4de0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:15.000Z", "modified": "2016-08-31T12:28:15.000Z", "description": "download location", "pattern": "[domain-name:value = 'akeseverin.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd60-f270-4100-a918-4b5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:16.000Z", "modified": "2016-08-31T12:28:16.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.88.57.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd60-52a0-4c58-b0d9-4318950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:16.000Z", "modified": "2016-08-31T12:28:16.000Z", "description": "download location", "pattern": "[url:value = 'http://210.240.104.2/6gycr4x']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd60-e1d4-429c-bedb-4143950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:16.000Z", "modified": "2016-08-31T12:28:16.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.240.104.2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd60-eb18-4629-9812-4890950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:16.000Z", "modified": "2016-08-31T12:28:16.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.liviazottola.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd60-c838-460d-8895-4272950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:16.000Z", "modified": "2016-08-31T12:28:16.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.208.197.252']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd61-0928-45c7-be70-4a3f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:17.000Z", "modified": "2016-08-31T12:28:17.000Z", "description": "download location", "pattern": "[domain-name:value = 'www.meta.metro.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c6cd61-18a4-42f7-8b8a-42bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-31T12:28:17.000Z", "modified": "2016-08-31T12:28:17.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.91.160.34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-31T12:28:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }