{ "type": "bundle", "id": "bundle--57d9227b-d318-4c5a-9045-4fc3950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:58.000Z", "modified": "2016-09-14T10:12:58.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57d9227b-d318-4c5a-9045-4fc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:58.000Z", "modified": "2016-09-14T10:12:58.000Z", "name": "Malspam 2016-09-14 (.wsf in .zip) - campaign: \"Tax invoice\"", "published": "2016-09-14T10:13:08Z", "object_refs": [ "indicator--57d922a7-7a00-478b-b085-4c4b950d210f", "indicator--57d922a7-b548-43b8-8b49-48c9950d210f", "indicator--57d922a8-5590-47c8-830b-4e24950d210f", "indicator--57d922a8-4778-4ef5-9e52-4d56950d210f", "indicator--57d922a8-aa90-42c6-b9d4-479d950d210f", "indicator--57d922a8-7ed4-4e7e-80f5-4479950d210f", "indicator--57d922a8-8cf8-47e4-8f05-45e9950d210f", "indicator--57d922a9-6bac-44de-9084-4717950d210f", "indicator--57d922a9-0b4c-41b4-a949-47cd950d210f", "indicator--57d922a9-6a14-4688-b631-49df950d210f", "indicator--57d922a9-2dcc-4ec1-8bd3-404a950d210f", "indicator--57d922aa-2538-4e3e-b563-44e3950d210f", "indicator--57d922aa-cd08-4703-8509-4cb5950d210f", "indicator--57d922aa-edec-48e7-ba2d-49f6950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a7-7a00-478b-b085-4c4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:55.000Z", "modified": "2016-09-14T10:12:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.208.86.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a7-b548-43b8-8b49-48c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:55.000Z", "modified": "2016-09-14T10:12:55.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.212.131.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a8-5590-47c8-830b-4e24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:56.000Z", "modified": "2016-09-14T10:12:56.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.3.7.44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a8-4778-4ef5-9e52-4d56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:56.000Z", "modified": "2016-09-14T10:12:56.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.200.70.6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a8-aa90-42c6-b9d4-479d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:56.000Z", "modified": "2016-09-14T10:12:56.000Z", "description": "download location", "pattern": "[domain-name:value = 'adzebury.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a8-7ed4-4e7e-80f5-4479950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:56.000Z", "modified": "2016-09-14T10:12:56.000Z", "description": "download location", "pattern": "[domain-name:value = 'duelrid.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a8-8cf8-47e4-8f05-45e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:56.000Z", "modified": "2016-09-14T10:12:56.000Z", "description": "download location", "pattern": "[url:value = 'http://adzebury.com/dsd7gk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a9-6bac-44de-9084-4717950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:57.000Z", "modified": "2016-09-14T10:12:57.000Z", "description": "download location", "pattern": "[url:value = 'http://duelrid.com/b9m1t']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a9-0b4c-41b4-a949-47cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:57.000Z", "modified": "2016-09-14T10:12:57.000Z", "description": "download location", "pattern": "[url:value = 'http://maydayen.net/e3ib4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a9-6a14-4688-b631-49df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:57.000Z", "modified": "2016-09-14T10:12:57.000Z", "description": "download location", "pattern": "[url:value = 'http://morningaamu.com/6wdyivzv']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922a9-2dcc-4ec1-8bd3-404a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:57.000Z", "modified": "2016-09-14T10:12:57.000Z", "description": "download location", "pattern": "[url:value = 'http://smilehymy.com/f72gngb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922aa-2538-4e3e-b563-44e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:58.000Z", "modified": "2016-09-14T10:12:58.000Z", "description": "download location", "pattern": "[domain-name:value = 'maydayen.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922aa-cd08-4703-8509-4cb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:58.000Z", "modified": "2016-09-14T10:12:58.000Z", "description": "download location", "pattern": "[domain-name:value = 'morningaamu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57d922aa-edec-48e7-ba2d-49f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-14T10:12:58.000Z", "modified": "2016-09-14T10:12:58.000Z", "description": "download location", "pattern": "[domain-name:value = 'smilehymy.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-14T10:12:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }