{ "type": "bundle", "id": "bundle--57ee6d8c-0650-4c8a-9dfa-4f31950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:41.000Z", "modified": "2016-09-30T13:50:41.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57ee6d8c-0650-4c8a-9dfa-4f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:41.000Z", "modified": "2016-09-30T13:50:41.000Z", "name": "Malspam 2016-09-30 (.wsf in .zip) - campaign: \"Parcel details\"", "published": "2016-09-30T13:51:03Z", "object_refs": [ "indicator--57ee6dad-290c-4123-8016-4cea950d210f", "indicator--57ee6dad-a9d4-4132-a115-48e9950d210f", "indicator--57ee6dad-5aac-461c-802c-477d950d210f", "indicator--57ee6dae-9d28-44cc-9830-4145950d210f", "indicator--57ee6dae-59b4-476d-8846-4e81950d210f", "indicator--57ee6dae-a418-4f7e-8fdd-4164950d210f", "indicator--57ee6dae-5318-4955-ad4d-4526950d210f", "indicator--57ee6dae-79b0-42c8-aa35-4fad950d210f", "indicator--57ee6daf-bf6c-4433-9dd7-44bd950d210f", "indicator--57ee6daf-9788-4ce7-b4fd-469c950d210f", "indicator--57ee6daf-bac4-40a2-8029-405f950d210f", "indicator--57ee6daf-07e0-4e9b-9757-4264950d210f", "indicator--57ee6daf-1d54-4a2a-aaa8-4dc2950d210f", "indicator--57ee6db0-4814-4305-b92b-4530950d210f", "indicator--57ee6db0-4000-4f2f-b351-4f04950d210f", "indicator--57ee6db0-7d7c-4a67-a70e-449e950d210f", "indicator--57ee6db0-a2c4-4fdf-a57a-419f950d210f", "indicator--57ee6db1-8edc-4932-8b75-4740950d210f", "indicator--57ee6db1-a7f0-4039-881f-4c90950d210f", "indicator--57ee6db1-bca4-4371-b87b-4421950d210f", "indicator--57ee6db1-78f4-4ec2-97cc-4090950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6dad-290c-4123-8016-4cea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:37.000Z", "modified": "2016-09-30T13:50:37.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.6.196.150']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6dad-a9d4-4132-a115-48e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:37.000Z", "modified": "2016-09-30T13:50:37.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.50.231']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6dad-5aac-461c-802c-477d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:37.000Z", "modified": "2016-09-30T13:50:37.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.147.38.2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6dae-9d28-44cc-9830-4145950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:38.000Z", "modified": "2016-09-30T13:50:38.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.254.128.73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6dae-59b4-476d-8846-4e81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:38.000Z", "modified": "2016-09-30T13:50:38.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.210.120.156']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6dae-a418-4f7e-8fdd-4164950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:38.000Z", "modified": "2016-09-30T13:50:38.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.117.4.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6dae-5318-4955-ad4d-4526950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:38.000Z", "modified": "2016-09-30T13:50:38.000Z", "description": "download location", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.9.63.225']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6dae-79b0-42c8-aa35-4fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:38.000Z", "modified": "2016-09-30T13:50:38.000Z", "description": "download location", "pattern": "[domain-name:value = 'drugvacoa.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6daf-bf6c-4433-9dd7-44bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:39.000Z", "modified": "2016-09-30T13:50:39.000Z", "description": "download location", "pattern": "[domain-name:value = 'greenshootmedia.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6daf-9788-4ce7-b4fd-469c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:39.000Z", "modified": "2016-09-30T13:50:39.000Z", "description": "download location", "pattern": "[url:value = 'http://drugvacoa.net/6n00x']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6daf-bac4-40a2-8029-405f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:39.000Z", "modified": "2016-09-30T13:50:39.000Z", "description": "download location", "pattern": "[url:value = 'http://greenshootmedia.com/w1zanty']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6daf-07e0-4e9b-9757-4264950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:39.000Z", "modified": "2016-09-30T13:50:39.000Z", "description": "download location", "pattern": "[url:value = 'http://lust-vodka.com/fom7aof']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6daf-1d54-4a2a-aaa8-4dc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:39.000Z", "modified": "2016-09-30T13:50:39.000Z", "description": "download location", "pattern": "[url:value = 'http://puchipuchivirus.com/vvkqo7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6db0-4814-4305-b92b-4530950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:40.000Z", "modified": "2016-09-30T13:50:40.000Z", "description": "download location", "pattern": "[url:value = 'http://resboiu.ro/fpcmb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6db0-4000-4f2f-b351-4f04950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:40.000Z", "modified": "2016-09-30T13:50:40.000Z", "description": "download location", "pattern": "[url:value = 'http://room8008.com/g44ntci1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6db0-7d7c-4a67-a70e-449e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:40.000Z", "modified": "2016-09-30T13:50:40.000Z", "description": "download location", "pattern": "[url:value = 'http://unityquire.com/1nloic']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6db0-a2c4-4fdf-a57a-419f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:40.000Z", "modified": "2016-09-30T13:50:40.000Z", "description": "download location", "pattern": "[domain-name:value = 'lust-vodka.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6db1-8edc-4932-8b75-4740950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:41.000Z", "modified": "2016-09-30T13:50:41.000Z", "description": "download location", "pattern": "[domain-name:value = 'puchipuchivirus.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6db1-a7f0-4039-881f-4c90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:41.000Z", "modified": "2016-09-30T13:50:41.000Z", "description": "download location", "pattern": "[domain-name:value = 'resboiu.ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6db1-bca4-4371-b87b-4421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:41.000Z", "modified": "2016-09-30T13:50:41.000Z", "description": "download location", "pattern": "[domain-name:value = 'room8008.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ee6db1-78f4-4ec2-97cc-4090950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-09-30T13:50:41.000Z", "modified": "2016-09-30T13:50:41.000Z", "description": "download location", "pattern": "[domain-name:value = 'unityquire.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-09-30T13:50:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }